Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1566418
MD5: c02392d9a9831e51c84e937678a960be
SHA1: eec12c327c9e5d53fb2dd37ff962e19d13abd87d
SHA256: b7996f60dbafd2d81c2699d9e033f44f3b4cfef88bfe8f4895b1997b59b634a0
Tags: exe, user-Bitsight

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • file.exe (PID: 4052 cmdline: "C:\Users\user\Desktop\file.exe" MD5: C02392D9A9831E51C84E937678A960BE)
    • taskkill.exe (PID: 5636 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 1812 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 4696 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6980 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7188 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7252 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7260 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7316 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7324 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 7380 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 7412 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 7428 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7664 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2192 -parentBuildID 20230927232528 -prefsHandle 2128 -prefMapHandle 2112 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c63859c-2e55-4015-b3c1-89393a302c0d} 7428 "\\.\pipe\gecko-crash-server-pipe.7428" 2248dd6ef10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7316 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4164 -parentBuildID 20230927232528 -prefsHandle 2976 -prefMapHandle 3680 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09b45220-661d-4d2a-9a53-a9b4f94dc97c} 7428 "\\.\pipe\gecko-crash-server-pipe.7428" 224a0221c10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 6716 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5096 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5092 -prefMapHandle 5080 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e326052a-a99c-48d9-b989-3184b4b5e684} 7428 "\\.\pipe\gecko-crash-server-pipe.7428" 224a7457110 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: file.exe, Avira: detected
Source: file.exe, Virustotal: Detection: 16%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.0% probability
Source: file.exe, Joe Sandbox ML: detected
Source: file.exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:49739 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49750 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49757 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49758 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49817 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49818 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.1.91:443 -> 192.168.2.5:49821 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49824 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49822 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49823 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49825 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49895 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49896 version: TLS 1.2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A6DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00A6DBBE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A3C2A2 FindFirstFileExW,0_2_00A3C2A2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A768EE FindFirstFileW,FindClose,0_2_00A768EE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A7698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00A7698F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A6D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00A6D076
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A6D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00A6D3A9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A79642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00A79642
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A7979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00A7979D
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A79B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00A79B2B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A75C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00A75C97
Source: firefox.exeMemory has grown: Private usage: 1MB later: 216MB
Source: unknownNetwork traffic detected: DNS query count 31
Source: Joe Sandbox ViewIP Address: 151.101.1.91 151.101.1.91
Source: Joe Sandbox ViewIP Address: 34.149.100.209 34.149.100.209
Source: Joe Sandbox ViewIP Address: 34.117.188.166 34.117.188.166
Source: Joe Sandbox ViewIP Address: 34.160.144.191 34.160.144.191
Source: Joe Sandbox ViewJA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A7CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_00A7CE44
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: firefox.exe, 0000000E.00000003.2223886021.000002249F2F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2380594681.000002249F2F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2380968738.000002249F2BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 0000000E.00000003.2401244103.00000224A07EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2370825536.00000224A07EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2302878704.00000224A07EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
Source: firefox.exe, 0000000E.00000003.2401244103.00000224A07EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2370825536.00000224A07EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2302878704.00000224A07EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
Source: firefox.exe, 0000000E.00000003.2401244103.00000224A07EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2370825536.00000224A07EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2302878704.00000224A07EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
Source: firefox.exe, 0000000E.00000003.2401244103.00000224A07EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2370825536.00000224A07EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2302878704.00000224A07EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
Source: firefox.exe, 0000000E.00000003.2401244103.00000224A07EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2370825536.00000224A07EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2302878704.00000224A07EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
Source: firefox.exe, 0000000E.00000003.2401244103.00000224A07EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2370825536.00000224A07EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2302878704.00000224A07EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
Source: firefox.exe, 0000000E.00000003.2223886021.000002249F2F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2380594681.000002249F2F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2380968738.000002249F2BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2223886021.000002249F2BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 0000000E.00000003.2351968676.00000224A5F3B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.com/
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://api.accounts.firefox.com/v1
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 0000000E.00000003.2349569165.00000224A8E64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 0000000E.00000003.2349569165.00000224A8E64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 0000000E.00000003.2223344338.00000224A05DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2351888155.00000224A743B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2302962429.00000224A05DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2376791541.00000224A05DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2374930333.00000224A743E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2381906877.00000224A05DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2299203631.00000224A743B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2409284666.00000224A05E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: firefox.exe, 00000010.00000002.3390452673.000001FEC42CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3389412157.0000017E603E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3393044777.000001E992303000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: firefox.exe, 00000010.00000002.3390452673.000001FEC42CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3389412157.0000017E603E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3393044777.000001E992303000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: firefox.exe, 0000000E.00000003.2394057258.00000224A0754000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
Source: firefox.exe, 0000000E.00000003.2256372621.000002249F856000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255684560.000002249F832000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
Source: firefox.exe, 0000000E.00000003.2256372621.000002249F856000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255684560.000002249F832000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
Source: firefox.exe, 0000000E.00000003.2256372621.000002249F856000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255684560.000002249F832000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
Source: firefox.exe, 0000000E.00000003.2256372621.000002249F856000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
Source: firefox.exe, 0000000E.00000003.2256372621.000002249F856000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255684560.000002249F832000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
Source: firefox.exe, 0000000E.00000003.2354086790.00000224A5B29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
Source: firefox.exe, 0000000E.00000003.2354086790.00000224A5B29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
Source: firefox.exe, 0000000E.00000003.2354086790.00000224A5B29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
Source: firefox.exe, 0000000E.00000003.2354086790.00000224A5B29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
Source: firefox.exe, 0000000E.00000003.2256372621.000002249F856000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255684560.000002249F832000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
Source: firefox.exe, 0000000E.00000003.2256372621.000002249F856000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255684560.000002249F832000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
Source: firefox.exe, 0000000E.00000003.2256372621.000002249F856000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255684560.000002249F832000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
Source: firefox.exe, 0000000E.00000003.2256372621.000002249F856000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255684560.000002249F832000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 0000000E.00000003.2197605174.000002249D660000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197449566.000002249D63E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197305732.000002249D61D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197165878.000002249D400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2198548081.000002249D681000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 0000000E.00000003.2379332974.000002249F460000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2387162226.000002249F460000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net
Source: firefox.exe, 0000000E.00000003.2379597755.000002249F42C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/
Source: firefox.exe, 0000000E.00000003.2387342836.000002249F41F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
Source: firefox.exe, 00000010.00000002.3390452673.000001FEC42CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3389412157.0000017E603E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3393044777.000001E992303000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 00000010.00000002.3390452673.000001FEC42CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3389412157.0000017E603E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3393044777.000001E992303000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: firefox.exe, 0000000E.00000003.2222064353.00000224A5BB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368828688.00000224A5D4D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com
Source: firefox.exe, 0000000E.00000003.2368828688.00000224A5D4D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/
Source: firefox.exe, 0000000E.00000003.2368828688.00000224A5D4D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: firefox.exe, 0000000E.00000003.2328526088.00000224A5C2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2220077057.00000224A5C30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2226793487.00000224A5C2E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2218813640.00000224A5C30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/993268
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 0000000E.00000003.2299279116.00000224A740A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datastudio.google.com/embed/reporting/
Source: firefox.exe, 0000000E.00000003.2390870696.00000224A752B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
Source: firefox.exe, 0000000E.00000003.2390870696.00000224A753F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
Source: firefox.exe, 0000000E.00000003.2390870696.00000224A7543000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureWebExtensionUncheckedLastErr
Source: firefox.exe, 0000000E.00000003.2390870696.00000224A753F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarningElem
Source: firefox.exe, 0000000E.00000003.2390870696.00000224A752B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#EncryptionPreventDefaultFromP
Source: firefox.exe, 0000000E.00000003.2390870696.00000224A752B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
Source: firefox.exe, 0000000E.00000003.2251708657.000002249F8EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
Source: firefox.exe, 0000000E.00000003.2328526088.00000224A5C2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2220077057.00000224A5C30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2226793487.00000224A5C2E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
Source: firefox.exe, 0000000E.00000003.2328526088.00000224A5C2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2220077057.00000224A5C30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2226793487.00000224A5C2E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
Source: firefox.exe, 0000000E.00000003.2328526088.00000224A5C2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2220077057.00000224A5C30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2226793487.00000224A5C2E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2218813640.00000224A5C30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: firefox.exe, 0000000E.00000003.2351968676.00000224A5F81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2396260434.000002249F272000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2327077983.000002249F60A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197605174.000002249D660000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197449566.000002249D63E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197305732.000002249D61D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197165878.000002249D400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2198548081.000002249D681000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
Source: firefox.exe, 0000000E.00000003.2351968676.00000224A5F67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?t=ffab&q=
Source: firefox.exe, 0000000E.00000003.2424955934.0000022499A7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 0000000E.00000003.2390870696.00000224A7543000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/SelectOptionsLengthAssignmentW
Source: firefox.exe, 0000000E.00000003.2300506666.00000224A5A62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2222642707.00000224A5A62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2408493027.00000224A5A66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2399809676.00000224A5A62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2369884104.00000224A5A62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2297352926.00000224A8060000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3389412157.0000017E60312000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3390124365.000001E992113000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 0000000E.00000003.2225192793.000002249E6F9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 0000000E.00000003.2298604429.00000224A7446000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296756699.00000224A8E5A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
Source: firefox.exe, 0000000E.00000003.2349569165.00000224A8E64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/
Source: firefox.exe, 0000000E.00000003.2375068549.00000224A740A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: firefox.exe, 0000000E.00000003.2300506666.00000224A5A62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2222642707.00000224A5A62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2408493027.00000224A5A66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2399809676.00000224A5A62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2369884104.00000224A5A62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2297352926.00000224A8060000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3389412157.0000017E60312000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3390124365.000001E992113000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000012.00000002.3390124365.000001E9921C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 00000012.00000002.3390124365.000001E9921C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 0000000E.00000003.2396260434.000002249F272000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 0000000E.00000003.2197165878.000002249D400000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 0000000E.00000003.2251708657.000002249F8EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 0000000E.00000003.2372986478.00000224A7A25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2390684885.00000224A7A26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 0000000E.00000003.2372986478.00000224A7A4F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000E.00000003.2372986478.00000224A7A4F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2394471864.00000224A065F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000000E.00000003.2376585906.00000224A0697000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.coml
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 0000000E.00000003.2354086790.00000224A5B29000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3389412157.0000017E60312000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3390124365.000001E992113000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 0000000E.00000003.2354086790.00000224A5B29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 0000000E.00000003.2399186785.00000224A5D4F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2384104890.00000224A5D4F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368828688.00000224A5D4D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs#
Source: firefox.exe, 0000000E.00000003.2399186785.00000224A5D4F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2384104890.00000224A5D4F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368828688.00000224A5D4D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs#l
Source: firefox.exe, 0000000E.00000003.2300506666.00000224A5A62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2222642707.00000224A5A62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2408493027.00000224A5A66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2385217104.00000224A59A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2399809676.00000224A5A62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2369884104.00000224A5A62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3389412157.0000017E60388000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3390124365.000001E9921F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 0000000E.00000003.2223886021.000002249F2F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2380594681.000002249F2F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2380968738.000002249F2BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2223886021.000002249F2BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 0000000E.00000003.2370920338.00000224A0733000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2371424296.00000224A05F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2372986478.00000224A7A25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2302962429.00000224A05DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2394119961.00000224A0743000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2223344338.00000224A05F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2390684885.00000224A7A26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 0000000E.00000003.2378667977.000002249F4E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
Source: firefox.exe, 0000000E.00000003.2370653563.00000224A161E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2388676364.00000224A8E28000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2379885079.000002249F3D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: firefox.exe, 0000000E.00000003.2299279116.00000224A7424000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 0000000E.00000003.2390870696.00000224A752B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFound
Source: firefox.exe, 0000000E.00000003.2390870696.00000224A752B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeeded
Source: firefox.exe, 0000000E.00000003.2319904558.00000224A13A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2217484649.00000224A139F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
Source: firefox.exe, 0000000E.00000003.2300803939.00000224A59F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2354474351.00000224A59F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
Source: firefox.exe, 0000000E.00000003.2299279116.00000224A7424000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: firefox.exe, 0000000E.00000003.2328526088.00000224A5C2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2220077057.00000224A5C30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2226793487.00000224A5C2E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 0000000E.00000003.2390870696.00000224A752B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: firefox.exe, 0000000E.00000003.2390870696.00000224A752B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: firefox.exe, 0000000E.00000003.2390870696.00000224A752B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: firefox.exe, 0000000E.00000003.2390870696.00000224A752B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 0000000E.00000003.2354086790.00000224A5B29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: firefox.exe, 0000000E.00000003.2300506666.00000224A5A62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2222642707.00000224A5A62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2408493027.00000224A5A66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2399809676.00000224A5A62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2369884104.00000224A5A62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://webpack.js.org/concepts/mode/)
Source: firefox.exe, 0000000E.00000003.2300169435.00000224A5AFA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2222642707.00000224A5AFA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://weibo.com/
Source: firefox.exe, 0000000E.00000003.2328526088.00000224A5C2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2220077057.00000224A5C30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2226793487.00000224A5C2E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2218813640.00000224A5C30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
Source: firefox.exe, 0000000E.00000003.2354086790.00000224A5B29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
Source: firefox.exe, 00000010.00000002.3390452673.000001FEC42CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3389412157.0000017E603E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3393044777.000001E992303000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: firefox.exe, 0000000E.00000003.2377034839.000002249F7A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2327077983.000002249F60A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197605174.000002249D660000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197449566.000002249D63E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197305732.000002249D61D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197165878.000002249D400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2198548081.000002249D681000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 00000010.00000002.3390452673.000001FEC42CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3389412157.0000017E603E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3393044777.000001E992303000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: firefox.exe, 0000000E.00000003.2349655141.000002249DE68000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2349104180.000002249DE67000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2295043691.000002249DE26000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: https://www.digicert.com/CPS0
Source: firefox.exe, 0000000E.00000003.2368828688.00000224A5D1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/
Source: firefox.exe, 0000000E.00000003.2219738827.00000224A5EC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2220123198.00000224A5ED9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 0000000E.00000003.2197605174.000002249D660000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197449566.000002249D63E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197305732.000002249D61D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197165878.000002249D400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2198548081.000002249D681000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: firefox.exe, 0000000E.00000003.2377034839.000002249F7A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2327077983.000002249F60A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2387430413.000002249F289000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197605174.000002249D660000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197449566.000002249D63E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197305732.000002249D61D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197165878.000002249D400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2198548081.000002249D681000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
Source: firefox.exe, 0000000E.00000003.2393872312.00000224A07C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
Source: firefox.exe, 0000000E.00000003.2351968676.00000224A5F84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=0
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: firefox.exe, 0000000E.00000003.2249576995.00000224A795D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hulu.com/watch/
Source: firefox.exe, 0000000E.00000003.2249576995.00000224A795D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.instagram.com/
Source: firefox.exe, 0000000E.00000003.2391885441.00000224A5F91000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2407430954.00000224A5F97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2351968676.00000224A5F95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2351968676.00000224A5F77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2351968676.00000224A5F8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2407695051.00000224A5F79000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: firefox.exe, 0000000E.00000003.2299279116.00000224A7424000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: firefox.exe, 0000000E.00000003.2225192793.000002249E6F9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: firefox.exe, 0000000E.00000003.2409184841.00000224A077A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2370920338.00000224A0733000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2394057258.00000224A0754000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/anything/?
Source: firefox.exe, 0000000E.00000003.2299279116.00000224A7424000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: firefox.exe, 0000000E.00000003.2378667977.000002249F4E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
Source: firefox.exe, 0000000E.00000003.2298604429.00000224A7446000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2299279116.00000224A740A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2375068549.00000224A740A000.00000004.00000800.00020000.00000000.sdmp, targeting.snapshot.json.tmp.14.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: firefox.exe, 0000000E.00000003.2299279116.00000224A7424000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2391885441.00000224A5FBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: firefox.exe, 0000000E.00000003.2299279116.00000224A7424000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 0000000E.00000003.2299279116.00000224A7424000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2391885441.00000224A5FBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: firefox.exe, 00000010.00000002.3390452673.000001FEC42CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3389412157.0000017E603C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3390124365.000001E9921F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 0000000E.00000003.2368538443.00000224A827F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
Source: firefox.exe, 0000000E.00000003.2399186785.00000224A5D4F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2384104890.00000224A5D4F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368828688.00000224A5D4D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
Source: firefox.exe, 00000012.00000002.3390124365.000001E9921F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/:
Source: firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000010.00000002.3390452673.000001FEC42CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/O).
Source: firefox.exe, 0000000E.00000003.2399186785.00000224A5D4F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2384104890.00000224A5D4F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368828688.00000224A5D4D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/V
Source: firefox.exe, 0000000E.00000003.2299279116.00000224A7424000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: firefox.exe, 0000000E.00000003.2375734891.00000224A156B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2301225240.00000224A156B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
Source: firefox.exe, 0000000E.00000003.2300169435.00000224A5AFA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2222642707.00000224A5AFA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
Source: firefox.exe, 0000000E.00000003.2354086790.00000224A5B29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 0000000E.00000003.2299791675.00000224A5B90000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2408085024.00000224A5B92000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2384725642.00000224A5B90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/
Source: firefox.exe, 0000000E.00000003.2354086790.00000224A5B29000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3389412157.0000017E6030A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3390124365.000001E99210C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 0000000E.00000003.2300169435.00000224A5AFA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2222642707.00000224A5AFA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zhihu.com/
Source: firefox.exe, 0000000E.00000003.2390870696.00000224A752B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
Source: firefox.exe, 0000000E.00000003.2303462694.00000224A038F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com
Source: firefox.exe, 0000000E.00000003.2385318480.00000224A15BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2401443648.00000224A02CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2297352926.00000224A8060000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/
Source: recovery.jsonlz4.tmp.14.drString found in binary or memory: https://youtube.com/account?=
Source: firefox.exe, 00000011.00000002.3387642112.0000017E60130000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.co
Source: firefox.exe, 00000010.00000002.3393405725.000001FEC4380000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.co#
Source: firefox.exe, 0000000E.00000003.2303462694.00000224A038F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341498187.00000224A79B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3393405725.000001FEC4384000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3388533485.000001FEC3E90000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3388533485.000001FEC3E9A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3387979150.0000017E60160000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3387642112.0000017E60134000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3387979150.0000017E6016A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3387976505.000001E991D2A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3388987500.000001E991E94000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 0000000C.00000002.2180284151.0000011E84BC7000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2191229467.000001A6B22E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
Source: firefox.exe, 00000012.00000002.3387976505.000001E991D2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd.%?
Source: firefox.exe, 00000012.00000002.3387976505.000001E991D20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd:%?
Source: firefox.exe, 00000010.00000002.3393405725.000001FEC4384000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3388533485.000001FEC3E90000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3387979150.0000017E60160000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3387642112.0000017E60134000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3387976505.000001E991D20000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3388987500.000001E991E94000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
Source: firefox.exe, 00000012.00000002.3388987500.000001E991E90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.coz
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A7EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_00A7EAFF
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A7ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_00A7ED6A
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A6AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_00A6AA57
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A99576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_00A99576

System Summary

Source: file.exeString found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000000.2134950528.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_b57ad2d2-1
Source: file.exe, 00000000.00000000.2134950528.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_0766d5e8-7
Source: file.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_924b12a0-b
Source: file.exeString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_e67d7614-6
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 17_2_0000017E609A60F7 NtQuerySystemInformation,17_2_0000017E609A60F7
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 17_2_0000017E60F53232 NtQuerySystemInformation,17_2_0000017E60F53232
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A6D5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_00A6D5EB
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A61201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00A61201
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A6E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_00A6E8F6
Source: C:\Users\user\Desktop\file.exeCode function: String function: 00A09CB3 appears 31 times
Source: C:\Users\user\Desktop\file.exeCode function: String function: 00A1F9F2 appears 40 times
Source: C:\Users\user\Desktop\file.exeCode function: String function: 00A20A30 appears 46 times
Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engineClassification label: mal72.evad.winEXE@34/34@67/12
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A737B5 GetLastError,FormatMessageW,0_2_00A737B5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A610BF AdjustTokenPrivileges,CloseHandle,0_2_00A610BF
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A616C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_00A616C3
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A751CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_00A751CD
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A6D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_00A6D4DC
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A7648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_00A7648E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A042A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_00A042A2
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6980:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7196:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7324:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1812:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7260:120:WilError_03
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Local\Temp\firefox
Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Program Files\Mozilla Firefox\firefox.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: firefox.exe, 0000000E.00000003.2382870610.00000224A8ECC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368192414.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296756699.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2299279116.00000224A740A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2349569165.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
Source: firefox.exe, 0000000E.00000003.2382870610.00000224A8ECC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368192414.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296756699.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2349569165.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
Source: firefox.exe, 0000000E.00000003.2382870610.00000224A8ECC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368192414.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296756699.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2349569165.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
Source: firefox.exe, 0000000E.00000003.2382870610.00000224A8ECC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368192414.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296756699.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2349569165.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
Source: firefox.exe, 0000000E.00000003.2354086790.00000224A5B3C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;
Source: firefox.exe, 0000000E.00000003.2382870610.00000224A8ECC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368192414.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296756699.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2349569165.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
Source: firefox.exe, 0000000E.00000003.2382870610.00000224A8ECC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368192414.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296756699.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2349569165.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
Source: firefox.exe, 0000000E.00000003.2382870610.00000224A8ECC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368192414.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296756699.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2349569165.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9'
Source: firefox.exe, 0000000E.00000003.2382870610.00000224A8ECC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368192414.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296756699.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2349569165.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9
Source: firefox.exe, 0000000E.00000003.2382870610.00000224A8ECC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368192414.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296756699.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2349569165.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
Source: file.exeVirustotal: Detection: 16%
Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2192 -parentBuildID 20230927232528 -prefsHandle 2128 -prefMapHandle 2112 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c63859c-2e55-4015-b3c1-89393a302c0d} 7428 "\\.\pipe\gecko-crash-server-pipe.7428" 2248dd6ef10 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4164 -parentBuildID 20230927232528 -prefsHandle 2976 -prefMapHandle 3680 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09b45220-661d-4d2a-9a53-a9b4f94dc97c} 7428 "\\.\pipe\gecko-crash-server-pipe.7428" 224a0221c10 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5096 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5092 -prefMapHandle 5080 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e326052a-a99c-48d9-b989-3184b4b5e684} 7428 "\\.\pipe\gecko-crash-server-pipe.7428" 224a7457110 utility
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
Source: C:\Users\user\Desktop\file.exeSection loaded: wsock32.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: napinsp.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: wshbth.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: nlaapi.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: winrnr.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Binary string: freebl3.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: UMPDC.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wininet.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: avrt.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000E.00000003.2318647190.000002249DE68000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WscApi.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdb source: firefox.exe, 0000000E.00000003.2312256849.000002249DE68000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: npmproxy.pdbUGP source: firefox.exe, 0000000E.00000003.2319907182.000002249DE68000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 8ExplorerFrame.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
Source: Binary string: npmproxy.pdb source: firefox.exe, 0000000E.00000003.2319907182.000002249DE68000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: nssckbi.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: dcomp.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8audioses.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8netutils.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8Bcp47mrm.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8osclientcerts.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: mscms.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8softokn3.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: sspicli.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8rasadhlp.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: urlmon.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8DataExchange.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 0000000E.00000003.2312256849.000002249DE68000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: userenv.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8iertutil.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8fwpuclnt.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: netprofm.pdb source: firefox.exe, 0000000E.00000003.2310726075.00000224A1F41000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: winhttp.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: msimg32.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000E.00000003.2318647190.000002249DE68000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: dxgi.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ncrypt.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ntasn1.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: devobj.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000E.00000003.2310726075.00000224A1F41000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d3d11.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8powrprof.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: srvcli.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8OnDemandConnRouteHelper.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 8MMDevAPI.pdb source: firefox.exe, 0000000E.00000003.2296552859.00000224A91EF000.00000004.00000800.00020000.00000000.sdmp
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A042DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00A042DE
Source: gmpopenh264.dll.tmp.14.drStatic PE information: section name: .rodata
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A20A76 push ecx; ret 0_2_00A20A89
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmpJump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)Jump to dropped file
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A1F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00A1F98E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A91C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00A91C41
Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_0-97650
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 17_2_0000017E609A60F7 rdtsc 17_2_0000017E609A60F7
Source: C:\Users\user\Desktop\file.exeAPI coverage: 3.8 %
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A6DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00A6DBBE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A3C2A2 FindFirstFileExW,0_2_00A3C2A2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A768EE FindFirstFileW,FindClose,0_2_00A768EE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A7698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00A7698F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A6D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00A6D076
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A6D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00A6D3A9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A79642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00A79642
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A7979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00A7979D
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A79B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00A79B2B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A75C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00A75C97
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A042DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00A042DE
Source: firefox.exe, 00000012.00000002.3392808071.000001E992200000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWb
Source: firefox.exe, 00000012.00000002.3387976505.000001E991D2A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP
Source: firefox.exe, 00000010.00000002.3388533485.000001FEC3E9A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3392377865.0000017E60860000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: firefox.exe, 00000011.00000002.3387979150.0000017E6016A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0@
Source: firefox.exe, 00000010.00000002.3394030760.000001FEC441C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: firefox.exe, 00000010.00000002.3388533485.000001FEC3E9A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWgt
Source: firefox.exe, 00000010.00000002.3394858559.000001FEC4840000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3392377865.0000017E60860000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 17_2_0000017E609A60F7 rdtsc 17_2_0000017E609A60F7
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A7EAA2 BlockInput,0_2_00A7EAA2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A32622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00A32622
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A042DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00A042DE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A24CE8 mov eax, dword ptr fs:[00000030h]0_2_00A24CE8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A60B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00A60B62
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A32622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00A32622
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A2083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00A2083F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A209D5 SetUnhandledExceptionFilter,0_2_00A209D5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A20C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00A20C21
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A61201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00A61201
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A42BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00A42BA5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A6B226 SendInput,keybd_event,0_2_00A6B226
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A822DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_00A822DA
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /TJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /TJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /TJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /TJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /TJump to behavior
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A60B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00A60B62
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A61663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00A61663
Source: file.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exeBinary or memory string: Shell_TrayWnd
Source: firefox.exe, 0000000E.00000003.2289124991.00000224A1F41000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hSoftware\Policies\Microsoft\Windows\PersonalizationNoChangingStartMenuBackgroundPersonalColors_BackgroundWilStaging_02RtlDisownModuleHeapAllocationRtlQueryFeatureConfigurationRtlRegisterFeatureConfigurationChangeNotificationRtlSubscribeWnfStateChangeNotificationRtlDllShutdownInProgressntdll.dllNtQueryWnfStateDataLocal\SM0:%d:%d:%hs_p0Local\SessionImmersiveColorPreferenceBEGINTHMthmfile\Sessions\%d\Windows\ThemeSectionMessageWindowendthemewndThemeApiConnectionRequest\ThemeApiPortwinsta0SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\PersonalizeAppsUseLightThemeSystemUsesLightThemedefaultshell\themes\uxtheme\render.cppCompositedWindow::WindowdeletedrcacheMDIClientSoftware\Microsoft\Windows\DWMColorPrevalenceSoftware\Microsoft\Windows\CurrentVersion\ImmersiveShellTabletModeMENUAccentColorSoftware\Microsoft\Windows\CurrentVersion\Explorer\AccentDefaultStartColorControl Panel\DesktopAutoColorizationAccentColorMenuStartColorMenuAutoColorSoftware\Microsoft\Windows\CurrentVersion\Themes\History\ColorsSoftware\Microsoft\Windows\CurrentVersion\Themes\HistoryAccentPaletteTab$Shell_TrayWndLocal\SessionImmersiveColorMutex
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A20698 cpuid 0_2_00A20698
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A5D21C GetLocalTime,0_2_00A5D21C
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A5D27A GetUserNameW,0_2_00A5D27A
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A3B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_00A3B952
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A042DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00A042DE
Source: file.exeBinary or memory string: WIN_81
Source: file.exeBinary or memory string: WIN_XP
Source: file.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exeBinary or memory string: WIN_XPe
Source: file.exeBinary or memory string: WIN_VISTA
Source: file.exeBinary or memory string: WIN_7
Source: file.exeBinary or memory string: WIN_8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A81204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00A81204
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A81806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00A81806
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 2 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | 1 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 12 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 16 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Process Injection | 1 Masquerading | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 2 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
[Behavior graph: ID 1566418, Sample: file.exe, Startdate: 02/12/2024, Architecture: WINDOWS, Score: 72]

Source | Detection | Scanner | Label | Link
file.exe | 17% | Virustotal | | Browse
file.exe | 100% | Avira | TR/ATRAPS.Gen |
file.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label | Link
https://shavar.services.mozilla.coml | 0% | Avira URL Cloud | safe |
                                                                              https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.firefox.exe, 00000010.00000002.3390452673.000001FEC42CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3389412157.0000017E603E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3393044777.000001E992303000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drfalse
                                                                                high
                                                                                https://merino.services.mozilla.com/api/v1/suggestfirefox.exe, 00000011.00000002.3389412157.0000017E60386000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3390124365.000001E99218F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protectfirefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://spocs.getpocket.com/spocsfirefox.exe, 0000000E.00000003.2354086790.00000224A5B29000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://completion.amazon.com/search/complete?q=firefox.exe, 0000000E.00000003.2197605174.000002249D660000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197449566.000002249D63E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197305732.000002249D61D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197165878.000002249D400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2198548081.000002249D681000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-reportfirefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://ads.stickyadstv.com/firefox-etpfirefox.exe, 0000000E.00000003.2223886021.000002249F2F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2380594681.000002249F2F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2380968738.000002249F2BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2223886021.000002249F2BE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://identity.mozilla.com/ids/ecosystem_telemetryUfirefox.exe, 0000000E.00000003.2382960569.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368192414.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2296756699.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2349569165.00000224A8EB5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://shavar.services.mozilla.comlfirefox.exe, 0000000E.00000003.2376585906.00000224A0697000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tabfirefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://monitor.firefox.com/breach-details/firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://github.com/w3c/csswg-drafts/issues/4650firefox.exe, 0000000E.00000003.2354086790.00000224A5B29000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEMfirefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://xhr.spec.whatwg.org/#sync-warningfirefox.exe, 0000000E.00000003.2390870696.00000224A752B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://www.amazon.com/exec/obidos/external-search/firefox.exe, 0000000E.00000003.2377034839.000002249F7A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2327077983.000002249F60A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197605174.000002249D660000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197449566.000002249D63E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197305732.000002249D61D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197165878.000002249D400000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2198548081.000002249D681000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://www.msn.comfirefox.exe, 0000000E.00000003.2375734891.00000224A156B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2301225240.00000224A156B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://github.com/mozilla-services/screenshotsfirefox.exe, 0000000E.00000003.2197605174.000002249D660000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197449566.000002249D63E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197305732.000002249D61D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197165878.000002249D400000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://services.addons.mozilla.org/api/v4/addons/addon/firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://tracking-protection-issues.herokuapp.com/newfirefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-reportfirefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://youtube.com/firefox.exe, 0000000E.00000003.2385318480.00000224A15BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2401443648.00000224A02CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2297352926.00000224A8060000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://content-signature-2.cdn.mozilla.net/firefox.exe, 0000000E.00000003.2379597755.000002249F42C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://www.instagram.com/firefox.exe, 0000000E.00000003.2249576995.00000224A795D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://api.accounts.firefox.com/v1firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://www.amazon.com/firefox.exe, 0000000E.00000003.2354086790.00000224A5B29000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullScfirefox.exe, 0000000E.00000003.2390870696.00000224A752B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://win.mail.ru/cgi-bin/sentmsg?mailto=%sfirefox.exe, 0000000E.00000003.2424955934.0000022499A7D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://www.youtube.com/firefox.exe, 0000000E.00000003.2354086790.00000224A5B29000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3389412157.0000017E6030A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3390124365.000001E99210C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://bugzilla.mozilla.org/show_bug.cgi?id=1283601firefox.exe, 0000000E.00000003.2256372621.000002249F856000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255684560.000002249F832000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://MD8.mozilla.org/1/mfirefox.exe, 0000000E.00000003.2397524663.00000224A5F73000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://addons.mozilla.org/firefox/addon/to-google-translate/firefox.exe, 0000000E.00000003.2401244103.00000224A07EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2370825536.00000224A07EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2302878704.00000224A07EC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000012.00000002.3390124365.000001E9921C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://127.0.0.1:firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://bugzilla.mozilla.org/show_bug.cgi?id=1266220firefox.exe, 0000000E.00000003.2256372621.000002249F856000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 0000000E.00000003.2251708657.000002249F8EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://bugzilla.mofirefox.exe, 0000000E.00000003.2394057258.00000224A0754000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://mitmdetection.services.mozilla.com/firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://youtube.com/account?=recovery.jsonlz4.tmp.14.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://shavar.services.mozilla.com/firefox.exe, 0000000E.00000003.2372986478.00000224A7A4F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBLfirefox.exe, 0000000E.00000003.2299279116.00000224A7424000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&reffirefox.exe, 00000010.00000002.3390452673.000001FEC42CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3389412157.0000017E603E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3393044777.000001E992303000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477firefox.exe, 00000010.00000002.3390452673.000001FEC42CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3389412157.0000017E603E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3393044777.000001E992303000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapturefirefox.exe, 0000000E.00000003.2390870696.00000224A753F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://spocs.getpocket.com/firefox.exe, 0000000E.00000003.2354086790.00000224A5B29000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3389412157.0000017E60312000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3390124365.000001E992113000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000010.00000002.3390040895.000001FEC4060000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3393687304.0000017E609C0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3389471986.000001E991EC0000.00000002.10000000.00040000.00000000.sdmpfalse
IP | Domain | Country | ASN | ASN Name | Malicious
151.101.1.91 | services.addons.mozilla.org | United States | 54113 | FASTLYUS | false
142.250.181.142 | youtube.com | United States | 15169 | GOOGLEUS | false
34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
34.107.243.93 | push.services.mozilla.com | United States | 15169 | GOOGLEUS | false
34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
34.117.188.166 | contile.services.mozilla.com | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
35.201.103.21 | normandy-cdn.services.mozilla.com | United States | 15169 | GOOGLEUS | false
35.190.72.216 | prod.classify-client.prod.webservices.mozgcp.net | United States | 15169 | GOOGLEUS | false
34.160.144.191 | prod.content-signature-chains.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
34.120.208.123 | telemetry-incoming.r53-2.services.mozilla.com | United States | 15169 | GOOGLEUS | false
                                                                                                                                                                                                                                                                      IP
                                                                                                                                                                                                                                                                      127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1566418
Start date and time: 2024-12-02 07:36:07 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 20s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 21
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal72.evad.winEXE@34/34@67/12
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 50
• Number of non-executed functions: 290
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 54.149.231.17, 34.209.229.249, 52.32.237.164, 172.217.17.42, 172.217.17.74, 172.217.17.46, 88.221.134.155, 88.221.134.209
• Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, otelrules.azureedge.net, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, login.live.com, safebrowsing.googleapis.com, location.services.mozilla.com
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
01:37:21 | API Interceptor | 1x Sleep call for process: firefox.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
34.117.188.166 | file.exe | Get hash | malicious | Unknown | Browse |
 | file.exe | Get hash | malicious | Unknown | Browse |
 | file.exe | Get hash | malicious | Unknown | Browse |
 | file.exe | Get hash | malicious | Unknown | Browse |
 | file.exe | Get hash | malicious | Unknown | Browse |
 | file.exe | Get hash | malicious | Unknown | Browse |
 | file.exe | Get hash | malicious | Unknown | Browse |
 | file.exe | Get hash | malicious | Unknown | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.1.91 | file.exe | Get hash | malicious | Unknown | Browse |
 | file.exe | Get hash | malicious | Unknown | Browse |
 | file.exe | Get hash | malicious | Unknown | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | file.exe | Get hash | malicious | Unknown | Browse |
 | file.exe | Get hash | malicious | Unknown | Browse |
 | file.exe | Get hash | malicious | Unknown | Browse |
 | file.exe | Get hash | malicious | Unknown | Browse |
 | file.exe | Get hash | malicious | Unknown | Browse |
                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                            file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  34.160.144.191file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                            file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                              file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousCredential FlusherBrowse
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                      https://wixauth-processing.es/wp/vite-react-web.vercel.app.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 151.101.194.137
                                                                                                                                                                                                                                                                                                                                                      GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfile.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                      • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                      • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                      ATGS-MMD-ASUShttp://demo.specialistbanking.co.uk/ad.PDFGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 34.49.212.111
                                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousAmadey, Discord Token Stealer, LummaC Stealer, Nymaim, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                                      • 34.159.64.221
                                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                      sora.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                                      • 57.192.215.250
                                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                      teste.x86.elfGet hashmaliciousMirai, Moobot, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                                      • 57.49.207.50
                                                                                                                                                                                                                                                                                                                                                      teste.arm7.elfGet hashmaliciousMirai, Moobot, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                                      • 32.88.193.35
                                                                                                                                                                                                                                                                                                                                                      teste.arm.elfGet hashmaliciousGafgyt, Mirai, Moobot, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                                      • 48.11.230.160
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                                                                                      • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                      • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                      • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                      • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                      • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                      • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                      • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                      • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                      • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                      • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                      • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                      • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                      • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                      • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                      • 151.101.1.91
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | file.exe | | malicious | Unknown | |
 | file.exe | | malicious | Unknown | |
 | file.exe | | malicious | Unknown | |
 | file.exe | | malicious | Unknown | |
 | file.exe | | malicious | Unknown | |
 | file.exe | | malicious | Unknown | |
 | file.exe | | malicious | Unknown | |
 | file.exe | | malicious | Unknown | |
 | file.exe | | malicious | Credential Flusher | |
 | file.exe | | malicious | Credential Flusher | |
                                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                                          Size (bytes):7813
                                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.1740831945447106
                                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                          SSDEEP:192:eKMXIKFcbhbVbTbfbRbObtbyEl7nQr+JA6wnSrDtTkd/SI:ePNcNhnzFSJwrdjnSrDhkd/5
                                                                                                                                                                                                                                                                                                                                                                          MD5:6B2D87611E91D314B6A323F6C5D93489
                                                                                                                                                                                                                                                                                                                                                                          SHA1:95BDF66550708931B161E495CF7F5CF0A11E1C42
                                                                                                                                                                                                                                                                                                                                                                          SHA-256:1D06CFB21E2BE797D7113FF8E09D5DB44E22FE602C47CF5E88624EE4B5585A6E
                                                                                                                                                                                                                                                                                                                                                                          SHA-512:F8AFD9A546F0D044B77CF5F888E004E2B6CFF753FC82D053399536EF37FE13132CE00097959AE2D9426EE842E52A8D121DD949F12C6D0D676615C46532A0B710
                                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                                          Preview:{"type":"uninstall","id":"4a201142-1e68-4934-b221-417db6f61dd5","creationDate":"2024-12-02T08:22:45.179Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                          File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.4593089050301797
                                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                          SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                                                                                                                                                                                                                                                                                                          MD5:D910AD167F0217587501FDCDB33CC544
                                                                                                                                                                                                                                                                                                                                                                          SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                                                                                                                                                                                                                                                                          SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                                                                                                                                                                                                                                                                          SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                                          Size (bytes):453023
                                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.997718157581587
                                                                                                                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                          SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                                                                                                                                                                                                                                                                                                          MD5:85430BAED3398695717B0263807CF97C
                                                                                                                                                                                                                                                                                                                                                                          SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                                                                                                                                                                                                                                                                                                          SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                                                                                                                                                                                                                                                                                                          SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                                          Size (bytes):3621
                                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.921217527428861
                                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                          SSDEEP:48:YnSwkmrOVPUFRbOdwNIOdoWLEWLtkDZuwpx5FBvipA6kb92the6LuhakNq9Gfxeh:8S+OVPUFRbOdwNIOdYpjvY1Q6LFG8P
                                                                                                                                                                                                                                                                                                                                                                          MD5:8B0A51C4803AE0928F207B20CD918AB1
                                                                                                                                                                                                                                                                                                                                                                          SHA1:68C9AC5CA000F94546521EEB489B295AD6182A2E
                                                                                                                                                                                                                                                                                                                                                                          SHA-256:7390C96482932593ABAD219B2FA0AF1EF365ED0A7635C54C26BBA530055DC065
                                                                                                                                                                                                                                                                                                                                                                          SHA-512:D02B37236DB7CFF7A3795A1403438A0D0E9BC9D62EC0D1AD38931B527498A6AC86EF51004A9CB217A235F47BD7ACAD7727F02698BA4D104CC41208D58EA920C0
                                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                                          Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"3ba649bc-be47-4b92-8762-21cab57bda3b","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-04T13:40:33.697Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
                                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                          File Type:Mozilla lz4 compressed data, originally 22422 bytes
                                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                                          Size (bytes):5308
                                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.599374203470186
                                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                          SSDEEP:96:z2YbKsKNU2xWrp327tGmD4wBON6h6cHAHJVauvjZHjkTymdS1/qTMg6Uhm:zTx2x2t0FDJ4NpkuvjdeplTMohm
                                                                                                                                                                                                                                                                                                                                                                          MD5:EB56C2F4DA9435F3D5574161F414CD17
                                                                                                                                                                                                                                                                                                                                                                          SHA1:74A8FC3EC0559740FD9D835B638354985E2DEAB6
                                                                                                                                                                                                                                                                                                                                                                          SHA-256:394E803D5FF8E156DFA7D15E96B51A683F4624A1BCF88EAA532399AC2C9B0966
                                                                                                                                                                                                                                                                                                                                                                          SHA-512:DF90568D191C757392FB85BDDA5333C7FE7E3BB370C5DE8C50DD810B938D732E39B5608FB4494CAADAE99E1601989FDFC0FEBDCF70F27FFE581F904170A81E0F
                                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                                          Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                                          MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                                          SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                                          SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                                          SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                                          Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                                          Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                                          MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                                          SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                                          SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                                          SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                                          Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                                          Size (bytes):262144
                                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.04905141882491872
                                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                          SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
                                                                                                                                                                                                                                                                                                                                                                          MD5:8736A542C5564A922C47B19D9CC5E0F2
                                                                                                                                                                                                                                                                                                                                                                          SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
                                                                                                                                                                                                                                                                                                                                                                          SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
                                                                                                                                                                                                                                                                                                                                                                          SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
                                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                          File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                                          Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                                          MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                                          SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                                          SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                                          SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                                          Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                          File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                                          Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                                          MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                                          SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                                          SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                                          SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                                          Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                                          Size (bytes):36830
                                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.1867463390487
                                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                          SSDEEP:768:JI4avfWX94O6L4x4ME454N4ohvM4T4Pia4T4I4t54U:JI4KvG
                                                                                                                                                                                                                                                                                                                                                                          MD5:98875950B62B398FFE70C0A8D0998017
                                                                                                                                                                                                                                                                                                                                                                          SHA1:CFCFFF938402E53D341FE392E25D2E6C557E548F
                                                                                                                                                                                                                                                                                                                                                                          SHA-256:1B445C7E12712026D4E663426527CE58FD221D2E26545AEA699E67D60F16E7F0
                                                                                                                                                                                                                                                                                                                                                                          SHA-512:728FF6FF915A45B44D720F41F9545F41F1BF5FB218D58073BD27DB19145D2225488988BE80FB0F712922D7B661E1A64448E3F71F09A1480B6F20BD2480888ABF
                                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                                          Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{7a5650ac-9a89-4807-a040-9f0832bf39a9}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                                                                                                                          MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                                                                                                                          SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                                                                                                                          SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                                                                                                                          SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                                          Size (bytes):1021904
                                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                          SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                                                                                                                                          MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                                                                                                                                          SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                                                                                                                                          SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                                                                                                                                          SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                                          Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                                          MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                                          SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                                          SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                                          SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                                          Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                                          Size (bytes):98304
                                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.07332868418664362
                                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                          SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zkiJx9W:DLhesh7Owd4+jiJx
                                                                                                                                                                                                                                                                                                                                                                          MD5:FA126225CE20702E9114B6F98B3F9613
                                                                                                                                                                                                                                                                                                                                                                          SHA1:30698C72A9725C12C5F901AB1C1BCD348F7FD8E4
                                                                                                                                                                                                                                                                                                                                                                          SHA-256:8C5B9F31CB25CDCF03DB4EF44A624FF405CCA50CA0B4B310F18E1F81CC9C8B42
                                                                                                                                                                                                                                                                                                                                                                          SHA-512:2F4F80C270EB77955F86DF706B056113D8CE8B26DC5BE82347D1E694CCD6D66B14C2C4742F17B9B9D0DE9CEAEC382E981FB90083C47BF38A78E3ACC90E59FA4D
                                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.035699946889726504
                                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:GtlstFcAdSIg4D/6Y4tlstFcAdSIg4D/6AZ89//alEl:GtWteJIHDyY4tWteJIHDyAZ89XuM
                                                                                                                                                                                                                                                                                                                                                                          MD5:01D7DE9DBAB97B5ACF014B8E5FC8BE8E
                                                                                                                                                                                                                                                                                                                                                                          SHA1:30E3040C67156A992C37070AFF1475C03A98025B
                                                                                                                                                                                                                                                                                                                                                                          SHA-256:8CB328E36D801587547AC12CF1955B13437ABD5DE3D63664EC9ACFB5A54EA8D0
                                                                                                                                                                                                                                                                                                                                                                          SHA-512:D51E10E688E252206F6DD42075764AEE80BEBC32D01B09AAD5923D6205006B10120792FD3B254209DAA024B11EA44CF8DE2251D944179FBFDCD2F73C661693F8
                                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                          File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                                          Size (bytes):32824
                                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.03979839120994073
                                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:Ol1tHMYpClM00dFll8rEXsxdwhml8XW3R2:KH7D9l8dMhm93w
                                                                                                                                                                                                                                                                                                                                                                          MD5:84DB178693D24B471D8575D75A88CF1B
                                                                                                                                                                                                                                                                                                                                                                          SHA1:3F894DE687CFE3AF599A64454799A9AB7C1BF29A
                                                                                                                                                                                                                                                                                                                                                                          SHA-256:13F48175159ADDC0FF7EC2EC03434A1DC1C8975AB2347709882C529E52A0CB0C
                                                                                                                                                                                                                                                                                                                                                                          SHA-512:4D7B0F3DE4C4AB4653878EC36F8B6F05B74D569B4AB83133C235B0AD6633F8E81EC95B5458FDBB3F2CD943E00EEF9D6EABF20AF9E4E02B73C653C8C14B99BCFC
                                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                                          Size (bytes):13187
                                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.475595890615769
                                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                          SSDEEP:192:1qpbqfmkN2nPOeRnLYbBp6tvJ0aX+wK6SEXKKhEpJUiNn1Z5RHWNBw8dAVSl:1qpbqfmkN8DeUvJUwRnhEpJUOfHEwBV0
                                                                                                                                                                                                                                                                                                                                                                          MD5:7D26B66B28C42B2B94D998D682B1A438
                                                                                                                                                                                                                                                                                                                                                                          SHA1:809FD39F54481F1D76D423EC1F42403DD06FA5F1
                                                                                                                                                                                                                                                                                                                                                                          SHA-256:6D6A6B74DF275104F3B510286E5E23C0ECF3218349CB5D0AD5B931847BC6D7E8
                                                                                                                                                                                                                                                                                                                                                                          SHA-512:6AFE7FA2970F43ACA59D8F36DEEB5603CBB3C7595728170CC0E9138413FEEC68138159152F01F15E1EEEFDB629867044C35094029A956C417E85A9336E6951BE
                                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1733127735);..user_pref("app.update.lastUpdateTime.background-update-timer", 1733127735);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1733127735);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173312
                                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):0.04062825861060003
                                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
                                                                                                                                                                                                                                                                                                                                                                          MD5:60C09456D6362C6FBED48C69AA342C3C
                                                                                                                                                                                                                                                                                                                                                                          SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
                                                                                                                                                                                                                                                                                                                                                                          SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
                                                                                                                                                                                                                                                                                                                                                                          SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
                                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                                          Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                          SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                                          MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                                          SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                                          SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                                          SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                                          Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                          File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                                          Size (bytes):1566
                                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.342812450780353
                                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                          SSDEEP:24:v+USUGlcAxSVLXnIrw/pnxQwRcWT5sKmgb0ksHVpjO+famhujJxWO2c0TiVm0BtT:GUpOxs9nRcoegnsrjxf4JIc3zBtT
                                                                                                                                                                                                                                                                                                                                                                          MD5:692C50F2AB7CA24A5CAECFA14C188416
                                                                                                                                                                                                                                                                                                                                                                          SHA1:679C95A86E00FCECFD17E61A696C57A2A39104F9
                                                                                                                                                                                                                                                                                                                                                                          SHA-256:48F9CBDDD4C40D3A01C6A8EE44D392C564F80ACF8D1DAC462C0BD5AA6106F61B
                                                                                                                                                                                                                                                                                                                                                                          SHA-512:6A01B08070BFFD3C9183BFD447E45530E58824306B7F2A75A48FF42B47B8DDAEDB305053B44825348D4737AC396DD8405F5A3D80A260B9C280740D8D3B96F765
                                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                                          Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":7,"docshellUU...D"{b19cdefe-4739-44a0-b72f-d75fe4c3ed6b}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":8,"persistK..+}],"lastAccessed":1733127739688,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2150633470....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...98952893-68ff-4a5d-a164-705c709ed3db","zD..1...Wm..l........j..:....1":{..jUpdate...9,"startTim..P04543...centCrash..B0},".....Dcook....host":"addons.mozilla.org","valu...'b03116d8508741e1c0453eca6046028f71c7c2b904be5e0a0d4686...b1764f","pa..p"/","na..a"taarI|.Tecure2..C.Donly..fexpiry...1...,"originA...."f
                                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                          File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                                          Size (bytes):1566
                                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.342812450780353
                                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                          SSDEEP:24:v+USUGlcAxSVLXnIrw/pnxQwRcWT5sKmgb0ksHVpjO+famhujJxWO2c0TiVm0BtT:GUpOxs9nRcoegnsrjxf4JIc3zBtT
                                                                                                                                                                                                                                                                                                                                                                          MD5:692C50F2AB7CA24A5CAECFA14C188416
                                                                                                                                                                                                                                                                                                                                                                          SHA1:679C95A86E00FCECFD17E61A696C57A2A39104F9
                                                                                                                                                                                                                                                                                                                                                                          SHA-256:48F9CBDDD4C40D3A01C6A8EE44D392C564F80ACF8D1DAC462C0BD5AA6106F61B
                                                                                                                                                                                                                                                                                                                                                                          SHA-512:6A01B08070BFFD3C9183BFD447E45530E58824306B7F2A75A48FF42B47B8DDAEDB305053B44825348D4737AC396DD8405F5A3D80A260B9C280740D8D3B96F765
                                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                                          Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":7,"docshellUU...D"{b19cdefe-4739-44a0-b72f-d75fe4c3ed6b}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":8,"persistK..+}],"lastAccessed":1733127739688,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2150633470....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...98952893-68ff-4a5d-a164-705c709ed3db","zD..1...Wm..l........j..:....1":{..jUpdate...9,"startTim..P04543...centCrash..B0},".....Dcook....host":"addons.mozilla.org","valu...'b03116d8508741e1c0453eca6046028f71c7c2b904be5e0a0d4686...b1764f","pa..p"/","na..a"taarI|.Tecure2..C.Donly..fexpiry...1...,"originA...."f
                                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                                          Size (bytes):4096
                                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):2.0836444556178684
                                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                          SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
                                                                                                                                                                                                                                                                                                                                                                          MD5:8B40B1534FF0F4B533AF767EB5639A05
                                                                                                                                                                                                                                                                                                                                                                          SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
                                                                                                                                                                                                                                                                                                                                                                          SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
                                                                                                                                                                                                                                                                                                                                                                          SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
                                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                                                                                          Size (bytes):4537
                                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.028464888109455
                                                                                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                          SSDEEP:96:ycdMTEr5/lLmI2Ac1zzcxvbw6Kkgrc2Rn27:0TEr5NX0z3DhRe
                                                                                                                                                                                                                                                                                                                                                                          MD5:9554DEE769B76B622C9CB9888E9CB35F
                                                                                                                                                                                                                                                                                                                                                                          SHA1:1552C9D403B04E1A5D18E14D7DC16EA890847811
                                                                                                                                                                                                                                                                                                                                                                          SHA-256:EB2D6DE92761C7E24A22C069B8C725C9341E726E2C7C0781F9787B94F4D48424
                                                                                                                                                                                                                                                                                                                                                                          SHA-512:C40A25262D712FAAE8ADC5F44D081FDEBD5D7B1EDAACD26D29D5422CF91D562AD02CAB4CCBE9EEFE66D5C548E6E1AF3900F6D2E934401B237D892575E75946D9
                                                                                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                                                                                          Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-02T08:22:00.692Z","profileAgeCreated":1696426830133,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.706282062949998
                                                                                                                                                                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                                                                                          File name:file.exe
                                                                                                                                                                                                                                                                                                                                                                          File size:972'288 bytes
                                                                                                                                                                                                                                                                                                                                                                          MD5:c02392d9a9831e51c84e937678a960be
                                                                                                                                                                                                                                                                                                                                                                          SHA1:eec12c327c9e5d53fb2dd37ff962e19d13abd87d
                                                                                                                                                                                                                                                                                                                                                                          SHA256:b7996f60dbafd2d81c2699d9e033f44f3b4cfef88bfe8f4895b1997b59b634a0
                                                                                                                                                                                                                                                                                                                                                                          SHA512:d41810eda9aa371df478f7e685d17eb23966926a6dd94adb33c37ea577a2889c21be0dd7186463c353c9c2eebe7b458dbd15bd00bc69a821f89939497b91e1e8
                                                                                                                                                                                                                                                                                                                                                                          SSDEEP:24576:lqDEvCTbMWu7rQYlBQcBiT6rprG8alo3Ty:lTvC/MTQYxsWR7alc
                                                                                                                                                                                                                                                                                                                                                                          TLSH:18259E0273D1C062FFAB92334B5AF6515BBC69260123E62F13981DB9BD701B1563E7A3
Icon Hash:aaf3e3e3938382a0
Entrypoint:0x420577
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:0x674D5403 [Mon Dec 2 06:30:27 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:1
File Version Major:5
File Version Minor:1
Subsystem Version Major:5
Subsystem Version Minor:1
Import Hash:948cc502fe9226992dce9417f952fce3
Instruction
                                                                                                                                                                                                                                                                                                                                                                          pop ebp
                                                                                                                                                                                                                                                                                                                                                                          retn 0004h
                                                                                                                                                                                                                                                                                                                                                                          lea eax, dword ptr [ecx+04h]
                                                                                                                                                                                                                                                                                                                                                                          mov dword ptr [ecx], 0049FDD0h
                                                                                                                                                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                                                                                                                                                          call 00007FBFBCB73DF8h
                                                                                                                                                                                                                                                                                                                                                                          pop ecx
                                                                                                                                                                                                                                                                                                                                                                          ret
                                                                                                                                                                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                                          push esi
                                                                                                                                                                                                                                                                                                                                                                          mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                                          lea eax, dword ptr [esi+04h]
                                                                                                                                                                                                                                                                                                                                                                          mov dword ptr [esi], 0049FDD0h
                                                                                                                                                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                                                                                                                                                          call 00007FBFBCB73DE1h
                                                                                                                                                                                                                                                                                                                                                                          test byte ptr [ebp+08h], 00000001h
                                                                                                                                                                                                                                                                                                                                                                          pop ecx
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x16a48 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xeb000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x16a48 | 0x16c00 | 7b8aec7ec7b4f0370537c8481f0ce6e3 | False | 0.7061941964285714 | data | 7.197227406432843 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xeb000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd4718 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd4840 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4968 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c50 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d78 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5c20 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd64c8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd6a30 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8fd8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda080 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4e8 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xda538 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xda634 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdabc8 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb254 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb6e4 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbce0 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc33c | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc7a4 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc8fc | 0xdbcc | data | | | 1.0004620743584276
RT_GROUP_ICON | 0xea4c8 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xea540 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xea554 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xea568 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xea57c | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xea658 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:18.797084093 CET49733443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:18.797271013 CET49733443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:18.797286034 CET4434973335.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:18.984639883 CET49734443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:18.984664917 CET4434973434.160.144.191192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:18.990226984 CET49734443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:18.990536928 CET49734443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:18.990551949 CET4434973434.160.144.191192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.254499912 CET804972934.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.298945904 CET4972980192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.793622971 CET804972934.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.793849945 CET4972980192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.801954031 CET44349728142.250.181.142192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.802043915 CET49728443192.168.2.5142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.802645922 CET44349728142.250.181.142192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.804739952 CET49728443192.168.2.5142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.808203936 CET49728443192.168.2.5142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.808212042 CET44349728142.250.181.142192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.808303118 CET49728443192.168.2.5142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.808448076 CET44349728142.250.181.142192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.812923908 CET49728443192.168.2.5142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.819125891 CET4973580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.833061934 CET44349727142.250.181.142192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.833786011 CET44349727142.250.181.142192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.835083008 CET49727443192.168.2.5142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.835093975 CET44349727142.250.181.142192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.844667912 CET49727443192.168.2.5142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.844681978 CET44349727142.250.181.142192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.844757080 CET49727443192.168.2.5142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.844856977 CET44349727142.250.181.142192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.845588923 CET49727443192.168.2.5142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.925523996 CET4434973134.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.925539970 CET4434973134.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.932082891 CET49731443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.936853886 CET49731443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.936866999 CET4434973134.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.936992884 CET49731443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.937026978 CET4434973134.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.937339067 CET49738443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.937364101 CET4434973834.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.939038992 CET804973534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.954153061 CET49731443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.954205990 CET49738443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.955816031 CET49738443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.955832958 CET4434973834.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.956653118 CET4973580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.956792116 CET4973580192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.979738951 CET4434973234.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.979849100 CET49732443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.984271049 CET49732443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.984271049 CET49732443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.984280109 CET4434973234.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.984477997 CET4434973234.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:19.984565020 CET49732443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:20.057035923 CET4434973335.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:20.063333035 CET4434973335.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:20.070084095 CET49733443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:20.076628923 CET804973534.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:20.097127914 CET49733443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:20.097136021 CET4434973335.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:20.097400904 CET4434973335.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:20.099570036 CET49733443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:20.099642992 CET49733443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:20.099710941 CET4434973335.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:20.101214886 CET49733443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:22.121715069 CET49750443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:22.121834993 CET49750443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:22.121853113 CET4434975035.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:22.208745956 CET804974634.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.093592882 CET4434974434.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.093679905 CET49744443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.098891020 CET49744443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.098900080 CET4434974434.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.098983049 CET49744443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.099095106 CET4434974434.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.099270105 CET49744443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.266231060 CET804974634.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.267996073 CET4434974734.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.268013954 CET4434974734.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.268121958 CET49747443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.273387909 CET49747443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.273406982 CET4434974734.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.273478985 CET49747443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.273597002 CET4434974734.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.273688078 CET49747443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.319087982 CET4974680192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.320267916 CET4434974834.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.320358992 CET49748443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.325735092 CET49748443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.325746059 CET4434974834.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.325829029 CET49748443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.325936079 CET4434974834.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.326003075 CET49748443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.377888918 CET4434975035.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.377968073 CET49750443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.380919933 CET49750443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.380928040 CET4434975035.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.381191015 CET4434975035.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.382267952 CET4434974934.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.382421017 CET49749443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.385049105 CET49750443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.385128975 CET49750443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.385201931 CET4434975035.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.385339975 CET49750443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.388325930 CET49749443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.388345957 CET4434974934.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.388386965 CET49749443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.388494968 CET4434974934.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:23.388628960 CET49749443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:24.782922983 CET4974180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:24.817425013 CET49757443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:24.817452908 CET4434975734.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:24.817826033 CET49758443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:24.817856073 CET4434975834.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:24.820590973 CET49757443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:24.820746899 CET49758443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:24.820756912 CET49757443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:24.820772886 CET4434975734.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:24.820883989 CET49758443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:24.820898056 CET4434975834.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:24.902932882 CET804974134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:24.932671070 CET49759443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:24.932696104 CET4434975934.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:24.932813883 CET49759443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:24.934134007 CET49759443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:24.934148073 CET4434975934.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:25.106313944 CET804974134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:25.114193916 CET4974680192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:25.160438061 CET4974180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:25.234556913 CET804974634.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:44.840116978 CET4434981134.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:44.840904951 CET49811443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:44.842878103 CET4974180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:44.962824106 CET804974134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:45.166492939 CET804974134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:45.169811964 CET4974680192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:45.214148045 CET4974180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:45.289752960 CET804974634.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:45.503631115 CET804974634.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:45.546319962 CET4974680192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:45.809413910 CET49817443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:45.809453011 CET4434981735.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:45.812393904 CET49817443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:45.812638044 CET49817443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:45.812653065 CET4434981735.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:45.846534967 CET49818443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:45.846577883 CET4434981834.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:45.847579956 CET49818443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:45.847871065 CET49818443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:45.847884893 CET4434981834.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:45.871069908 CET49819443192.168.2.535.190.72.216
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:45.871098995 CET4434981935.190.72.216192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:45.871232033 CET49819443192.168.2.535.190.72.216
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:45.874516010 CET49819443192.168.2.535.190.72.216
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:45.874532938 CET4434981935.190.72.216192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.026448011 CET49820443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.026494026 CET4434982035.201.103.21192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.026592970 CET49820443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.028322935 CET49820443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.028341055 CET4434982035.201.103.21192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.053430080 CET49821443192.168.2.5151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.053483963 CET44349821151.101.1.91192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.053844929 CET49821443192.168.2.5151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.054150105 CET49821443192.168.2.5151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.054162979 CET44349821151.101.1.91192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.114932060 CET4434981735.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.115029097 CET49817443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.118467093 CET49817443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.118491888 CET4434981735.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.118784904 CET4434981735.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.120944023 CET49817443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.121036053 CET49817443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.121129036 CET4434981735.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.121510029 CET49817443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.125169039 CET4974180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.130285978 CET4434981935.190.72.216192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.132467985 CET49819443192.168.2.535.190.72.216
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.137927055 CET49819443192.168.2.535.190.72.216
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.137949944 CET4434981935.190.72.216192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.138006926 CET49819443192.168.2.535.190.72.216
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.138091087 CET4434981935.190.72.216192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.138277054 CET49819443192.168.2.535.190.72.216
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.168034077 CET4434981834.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.168128967 CET49818443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.171035051 CET49818443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.171047926 CET4434981834.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.171363115 CET4434981834.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.173394918 CET49818443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.173455000 CET49818443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.173547983 CET4434981834.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.173933983 CET49818443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.243127108 CET4434982035.201.103.21192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.243218899 CET49820443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.245088100 CET804974134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:47.247330904 CET49820443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:58.885413885 CET4974180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:59.005347967 CET804974134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:59.239753008 CET4974680192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:59.359622002 CET804974634.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:05.049341917 CET49869443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:05.049374104 CET4434986934.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:05.049439907 CET49869443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:05.050935030 CET49869443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:05.050949097 CET4434986934.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:06.354542971 CET4434986934.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:06.354635000 CET49869443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:06.359777927 CET49869443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:06.359806061 CET4434986934.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:06.359870911 CET49869443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:06.359952927 CET4434986934.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:06.360579014 CET49869443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:06.362562895 CET4974180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:06.482469082 CET804974134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:06.686279058 CET804974134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:06.689308882 CET4974680192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:06.727924109 CET4974180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:06.809185982 CET804974634.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:07.022233009 CET804974634.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:07.082222939 CET4974680192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:16.364413977 CET49895443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:16.364451885 CET4434989534.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:16.364564896 CET49896443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:16.364578009 CET4434989634.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:16.365190983 CET49895443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:16.365192890 CET49896443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:16.365421057 CET49895443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:16.365437031 CET4434989534.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:16.365695953 CET49896443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:16.365706921 CET4434989634.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:16.688452005 CET4974180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:16.808280945 CET804974134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:17.027201891 CET4974680192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:17.147054911 CET804974634.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:17.576373100 CET4434989534.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:17.576504946 CET49895443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:17.580363989 CET49895443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:17.580370903 CET4434989534.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:17.580622911 CET4434989534.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:17.582941055 CET49895443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:17.583076954 CET49895443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:17.583086967 CET4434989534.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:17.586191893 CET49895443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:17.587336063 CET4974180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:17.622180939 CET4434989634.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:17.622289896 CET49896443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:17.625602961 CET49896443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:17.625611067 CET4434989634.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:17.625874996 CET4434989634.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:17.628324986 CET49896443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:17.628443003 CET49896443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:17.628501892 CET4434989634.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:17.628982067 CET49896443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:17.707169056 CET804974134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:17.910995007 CET804974134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:17.914405107 CET4974680192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:17.961258888 CET4974180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:18.034311056 CET804974634.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:18.247778893 CET804974634.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:18.293339968 CET4974680192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:27.919214964 CET4974180192.168.2.534.107.221.82
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:21.758081913 CET53529641.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:21.760312080 CET5055153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:21.897557974 CET53505511.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:21.898294926 CET6347053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:21.979612112 CET6014953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:22.035784006 CET53634701.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:22.102427959 CET6449653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:22.117376089 CET53601491.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:22.118752003 CET5964153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:22.240530968 CET53644961.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:22.241621017 CET5928253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:22.256568909 CET53596411.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:22.278315067 CET6283053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:22.379647970 CET53592821.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:22.391786098 CET53627341.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:22.415905952 CET53628301.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:24.451702118 CET5881953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:24.590850115 CET53588191.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:24.592856884 CET5282853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:24.730942965 CET53528281.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:24.731682062 CET5327553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:24.870043993 CET53532751.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:31.847918034 CET6072153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:31.850164890 CET6253453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:31.860140085 CET6388153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:31.987401009 CET53625341.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:31.997102976 CET53638811.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:32.925671101 CET5583553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:32.925720930 CET6327853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:32.925975084 CET5357053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.063076019 CET53558351.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.063357115 CET53535701.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.063445091 CET53632781.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.374933958 CET6428753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.375145912 CET5387253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.381689072 CET6413753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.513643026 CET53538721.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.513987064 CET53642871.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.514421940 CET6529253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.514643908 CET5264153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.520124912 CET53641371.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.524267912 CET4927753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.652029991 CET53652921.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.652333975 CET53526411.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.662003040 CET53492771.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.879136086 CET5767253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.879940033 CET6307553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.016912937 CET53576721.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.016964912 CET53630751.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.309256077 CET6526553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.309432030 CET5700653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.446700096 CET53570061.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.447513103 CET5056253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.449095011 CET53652651.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.449743032 CET5806953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.585252047 CET53505621.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.587502003 CET53580691.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:43.577768087 CET5531153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:43.714831114 CET53553111.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:45.809413910 CET5847353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:45.830504894 CET5311253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:45.882496119 CET6336353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:45.946870089 CET53584731.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.023356915 CET53633631.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.026448011 CET4958353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.052186012 CET53531121.1.1.1192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.053761959 CET192.168.2.51.1.1.10x8736Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.192631006 CET192.168.2.51.1.1.10x6970Standard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.246634007 CET192.168.2.51.1.1.10x1b1fStandard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:04.909857035 CET192.168.2.51.1.1.10xf1e5Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:05.048933983 CET192.168.2.51.1.1.10x258dStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:16.368309021 CET192.168.2.51.1.1.10x67a8Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:47.136280060 CET192.168.2.51.1.1.10xde72Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:47.275785923 CET192.168.2.51.1.1.10xf6c2Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:48.511171103 CET192.168.2.51.1.1.10x21c4Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.063076019 CET1.1.1.1192.168.2.50x5cd1No error (0)youtube-ui.l.google.com142.250.181.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.063076019 CET1.1.1.1192.168.2.50x5cd1No error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.063076019 CET1.1.1.1192.168.2.50x5cd1No error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.063076019 CET1.1.1.1192.168.2.50x5cd1No error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.063357115 CET1.1.1.1192.168.2.50xa6b1No error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.063357115 CET1.1.1.1192.168.2.50xa6b1No error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.063445091 CET1.1.1.1192.168.2.50x3ccbNo error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.063445091 CET1.1.1.1192.168.2.50x3ccbNo error (0)star-mini.c10r.facebook.com157.240.196.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.513643026 CET1.1.1.1192.168.2.50xb3a7No error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.513643026 CET1.1.1.1192.168.2.50xb3a7No error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.513643026 CET1.1.1.1192.168.2.50xb3a7No error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.513643026 CET1.1.1.1192.168.2.50xb3a7No error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.513643026 CET1.1.1.1192.168.2.50xb3a7No error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.513643026 CET1.1.1.1192.168.2.50xb3a7No error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.513643026 CET1.1.1.1192.168.2.50xb3a7No error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.513643026 CET1.1.1.1192.168.2.50xb3a7No error (0)youtube-ui.l.google.com172.217.19.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.513643026 CET1.1.1.1192.168.2.50xb3a7No error (0)youtube-ui.l.google.com216.58.208.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.513987064 CET1.1.1.1192.168.2.50x744dNo error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.520124912 CET1.1.1.1192.168.2.50x78dbNo error (0)star-mini.c10r.facebook.com157.240.196.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.652029991 CET1.1.1.1192.168.2.50xc30fNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.652029991 CET1.1.1.1192.168.2.50xc30fNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.652029991 CET1.1.1.1192.168.2.50xc30fNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.652029991 CET1.1.1.1192.168.2.50xc30fNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.652333975 CET1.1.1.1192.168.2.50x1a41No error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.662003040 CET1.1.1.1192.168.2.50xdb39No error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.016912937 CET1.1.1.1192.168.2.50xfe30No error (0)www.reddit.comdualstack.reddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.016912937 CET1.1.1.1192.168.2.50xfe30No error (0)dualstack.reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.016912937 CET1.1.1.1192.168.2.50xfe30No error (0)dualstack.reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.016912937 CET1.1.1.1192.168.2.50xfe30No error (0)dualstack.reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.016912937 CET1.1.1.1192.168.2.50xfe30No error (0)dualstack.reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.016964912 CET1.1.1.1192.168.2.50x8a2dNo error (0)twitter.com104.244.42.129A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.446700096 CET1.1.1.1192.168.2.50x5ac8No error (0)twitter.com104.244.42.193A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.446700096 CET1.1.1.1192.168.2.50x5ac8No error (0)twitter.com104.244.42.129A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.446700096 CET1.1.1.1192.168.2.50x5ac8No error (0)twitter.com104.244.42.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.446700096 CET1.1.1.1192.168.2.50x5ac8No error (0)twitter.com104.244.42.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.449095011 CET1.1.1.1192.168.2.50x10dfNo error (0)dualstack.reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.449095011 CET1.1.1.1192.168.2.50x10dfNo error (0)dualstack.reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.449095011 CET1.1.1.1192.168.2.50x10dfNo error (0)dualstack.reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.449095011 CET1.1.1.1192.168.2.50x10dfNo error (0)dualstack.reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.587502003 CET1.1.1.1192.168.2.50xae96No error (0)dualstack.reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.587502003 CET1.1.1.1192.168.2.50xae96No error (0)dualstack.reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.587502003 CET1.1.1.1192.168.2.50xae96No error (0)dualstack.reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.587502003 CET1.1.1.1192.168.2.50xae96No error (0)dualstack.reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.023356915 CET1.1.1.1192.168.2.50x183cNo error (0)normandy.cdn.mozilla.netnormandy-cdn.services.mozilla.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.023356915 CET1.1.1.1192.168.2.50x183cNo error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.052186012 CET1.1.1.1192.168.2.50xf324No error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.052186012 CET1.1.1.1192.168.2.50xf324No error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.052186012 CET1.1.1.1192.168.2.50xf324No error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.052186012 CET1.1.1.1192.168.2.50xf324No error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.191586971 CET1.1.1.1192.168.2.50x8736No error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.191586971 CET1.1.1.1192.168.2.50x8736No error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.191586971 CET1.1.1.1192.168.2.50x8736No error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.191586971 CET1.1.1.1192.168.2.50x8736No error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.245623112 CET1.1.1.1192.168.2.50x9cb9No error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.334779024 CET1.1.1.1192.168.2.50x6970No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:46.334779024 CET1.1.1.1192.168.2.50x6970No error (0)services.addons.mozilla.org28IN (0x0001)false
Dec 2, 2024 07:37:46.334779024 CET | 1.1.1.1 | 192.168.2.5 | 0x6970 | No error (0) | services.addons.mozilla.org |  |  | 28 | IN (0x0001) | false
Dec 2, 2024 07:37:46.334779024 CET | 1.1.1.1 | 192.168.2.5 | 0x6970 | No error (0) | services.addons.mozilla.org |  |  | 28 | IN (0x0001) | false
Dec 2, 2024 07:37:49.276901007 CET | 1.1.1.1 | 192.168.2.5 | 0x2eb7 | No error (0) | a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com | a17.rackcdn.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 2, 2024 07:37:49.276901007 CET | 1.1.1.1 | 192.168.2.5 | 0x2eb7 | No error (0) | a17.rackcdn.com | a17.rackcdn.com.mdc.edgesuite.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 2, 2024 07:38:05.048207998 CET | 1.1.1.1 | 192.168.2.5 | 0xf1e5 | No error (0) | push.services.mozilla.com |  | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 07:38:16.356446028 CET | 1.1.1.1 | 192.168.2.5 | 0x2973 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com |  | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 07:38:47.274372101 CET | 1.1.1.1 | 192.168.2.5 | 0xde72 | No error (0) | push.services.mozilla.com |  | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 07:38:48.648612022 CET | 1.1.1.1 | 192.168.2.5 | 0x21c4 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 2, 2024 07:38:48.648612022 CET | 1.1.1.1 | 192.168.2.5 | 0x21c4 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net |  | 34.107.221.82 | A (IP address) | IN (0x0001) | false
• detectportal.firefox.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49729 | 34.107.221.82 | 80 | 7428 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Dec 2, 2024 07:37:18.168845892 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 2, 2024 07:37:19.254499912 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 01 Dec 2024 14:41:14 GMT
Age: 57365
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 2, 2024 07:37:19.793622971 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 01 Dec 2024 14:41:14 GMT
Age: 57365
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49735 | 34.107.221.82 | 80 | 7428 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Dec 2, 2024 07:37:19.956792116 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 2, 2024 07:37:21.089096069 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 01 Dec 2024 19:18:09 GMT
Age: 40751
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success


                                                                                                                                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                          2192.168.2.54974134.107.221.82807428C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:20.695770979 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
Dec 2, 2024 07:37:21.826172113 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Mon, 02 Dec 2024 00:09:42 GMT
Age: 23259
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 2, 2024 07:37:24.782922983 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 2, 2024 07:37:25.106313944 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Mon, 02 Dec 2024 00:09:42 GMT
Age: 23262
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 2, 2024 07:37:31.848068953 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 2, 2024 07:37:32.173423052 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Mon, 02 Dec 2024 00:09:42 GMT
Age: 23270
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 2, 2024 07:37:33.881477118 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 2, 2024 07:37:34.209147930 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Mon, 02 Dec 2024 00:09:42 GMT
Age: 23272
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 2, 2024 07:37:42.245815992 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 2, 2024 07:37:42.569205999 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Mon, 02 Dec 2024 00:09:42 GMT
Age: 23280
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 2, 2024 07:37:44.842878103 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
Dec 2, 2024 07:37:45.166492939 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                          Date: Mon, 02 Dec 2024 00:09:42 GMT
                                                                                                                                                                                                                                                                                                                                                                          Age: 23283
                                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 2, 2024 07:37:47.125169039 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
Dec 2, 2024 07:37:47.448533058 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                          Date: Mon, 02 Dec 2024 00:09:42 GMT
                                                                                                                                                                                                                                                                                                                                                                          Age: 23285
                                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 2, 2024 07:37:48.558727026 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
Dec 2, 2024 07:37:48.882551908 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                                          Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                          Date: Mon, 02 Dec 2024 00:09:42 GMT
                                                                                                                                                                                                                                                                                                                                                                          Age: 23286
                                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 2, 2024 07:37:58.885413885 CET 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
Dec 2, 2024 07:38:06.362562895 CET 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
Dec 2, 2024 07:38:06.686279058 CET 298 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                          Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Mon, 02 Dec 2024 00:09:42 GMT
Age: 23304
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 2, 2024 07:38:16.688452005 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 2, 2024 07:38:17.587336063 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 2, 2024 07:38:17.910995007 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Mon, 02 Dec 2024 00:09:42 GMT
Age: 23315
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 2, 2024 07:38:27.919214964 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 2, 2024 07:38:38.051287889 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 2, 2024 07:38:48.180082083 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 2, 2024 07:38:48.510798931 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 2, 2024 07:38:48.834415913 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Mon, 02 Dec 2024 00:09:42 GMT
Age: 23346
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 2, 2024 07:38:58.849061966 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 2, 2024 07:39:08.978204966 CET | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49746 | 34.107.221.82 | 80 | 7428 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 2, 2024 07:37:22.088917971 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 2, 2024 07:37:23.266231060 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 01 Dec 2024 19:18:09 GMT
Age: 40754
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 2, 2024 07:37:25.114193916 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 2, 2024 07:37:25.447665930 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
                                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 01 Dec 2024 19:18:09 GMT
                                                                                                                                                                                                                                                                                                                                                                          Age: 40756
                                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:32.911710024 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:33.245538950 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 01 Dec 2024 19:18:09 GMT
                                                                                                                                                                                                                                                                                                                                                                          Age: 40764
                                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.335751057 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:34.669157982 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 01 Dec 2024 19:18:09 GMT
                                                                                                                                                                                                                                                                                                                                                                          Age: 40765
                                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:42.572885036 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:42.905999899 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 01 Dec 2024 19:18:09 GMT
                                                                                                                                                                                                                                                                                                                                                                          Age: 40773
                                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:37:45.169811964 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 2, 2024 07:37:45.503631115 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 01 Dec 2024 19:18:09 GMT
Age: 40776
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 2, 2024 07:37:47.451693058 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 2, 2024 07:37:47.785032034 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 01 Dec 2024 19:18:09 GMT
Age: 40778
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 2, 2024 07:37:48.885725975 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 2, 2024 07:37:49.219024897 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 01 Dec 2024 19:18:09 GMT
Age: 40780
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 2, 2024 07:37:59.239753008 CET 6 OUT Data Raw: 00
Data Ascii:
Dec 2, 2024 07:38:06.689308882 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 2, 2024 07:38:07.022233009 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 01 Dec 2024 19:18:09 GMT
Age: 40797
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 2, 2024 07:38:17.027201891 CET 6 OUT Data Raw: 00
Data Ascii:
Dec 2, 2024 07:38:17.914405107 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 2, 2024 07:38:18.247778893 CET 216 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 01 Dec 2024 19:18:09 GMT
Age: 40809
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:28.251358986 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:38.374291897 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:48.503199100 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:48.838424921 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:49.171679974 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                          Date: Sun, 01 Dec 2024 19:18:09 GMT
                                                                                                                                                                                                                                                                                                                                                                          Age: 40840
                                                                                                                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                          Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:38:59.181163073 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                          Dec 2, 2024 07:39:09.309472084 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                          Data Ascii:



                                                                                                                                                                                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                                                                                                                                                                                          Start time:01:37:09
                                                                                                                                                                                                                                                                                                                                                                          Start date:02/12/2024
                                                                                                                                                                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                                                                                                                                                                                                                                                          Imagebase:0xa00000
                                                                                                                                                                                                                                                                                                                                                                          File size:972'288 bytes
                                                                                                                                                                                                                                                                                                                                                                          MD5 hash:C02392D9A9831E51C84E937678A960BE
                                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                                                                          Target ID:2
                                                                                                                                                                                                                                                                                                                                                                          Start time:01:37:10
                                                                                                                                                                                                                                                                                                                                                                          Start date:02/12/2024
                                                                                                                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                          Commandline:taskkill /F /IM firefox.exe /T
                                                                                                                                                                                                                                                                                                                                                                          Imagebase:0xd10000
                                                                                                                                                                                                                                                                                                                                                                          File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                          MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                                                                                          Target ID:3
                                                                                                                                                                                                                                                                                                                                                                          Start time:01:37:10
                                                                                                                                                                                                                                                                                                                                                                          Start date:02/12/2024
                                                                                                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                                                                                          Has exited:true

Target ID:4
Start time:01:37:12
Start date:02/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM chrome.exe /T
Imagebase:0xd10000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:01:37:12
Start date:02/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:01:37:12
Start date:02/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM msedge.exe /T
Imagebase:0xd10000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:01:37:12
Start date:02/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:01:37:13
Start date:02/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM opera.exe /T
Imagebase:0xd10000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:01:37:13
Start date:02/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:01:37:13
Start date:02/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM brave.exe /T
Imagebase:0xd10000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:01:37:13
Start date:02/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:01:37:13
Start date:02/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:13
Start time:01:37:13
Start date:02/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:14
Start time:01:37:13
Start date:02/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:16
Start time:01:37:14
Start date:02/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2192 -parentBuildID 20230927232528 -prefsHandle 2128 -prefMapHandle 2112 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c63859c-2e55-4015-b3c1-89393a302c0d} 7428 "\\.\pipe\gecko-crash-server-pipe.7428" 2248dd6ef10 socket
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

                                                                                                                                                                                                                                                                                                                                                                          Target ID:17
                                                                                                                                                                                                                                                                                                                                                                          Start time:01:37:16
                                                                                                                                                                                                                                                                                                                                                                          Start date:02/12/2024
                                                                                                                                                                                                                                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4164 -parentBuildID 20230927232528 -prefsHandle 2976 -prefMapHandle 3680 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09b45220-661d-4d2a-9a53-a9b4f94dc97c} 7428 "\\.\pipe\gecko-crash-server-pipe.7428" 224a0221c10 rdd
                                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff79f9e0000
                                                                                                                                                                                                                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                                                                                                                          Target ID:18
                                                                                                                                                                                                                                                                                                                                                                          Start time:01:37:21
                                                                                                                                                                                                                                                                                                                                                                          Start date:02/12/2024
                                                                                                                                                                                                                                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5096 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5092 -prefMapHandle 5080 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e326052a-a99c-48d9-b989-3184b4b5e684} 7428 "\\.\pipe\gecko-crash-server-pipe.7428" 224a7457110 utility
                                                                                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff79f9e0000
                                                                                                                                                                                                                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                          Has exited:false

Execution Graph

Execution Coverage:2.5%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:3.9%
Total number of Nodes:1753
Total number of Limit Nodes:48
97570->97572 97573 a1fddb 22 API calls 97571->97573 97574 a01387 OleInitialize 97572->97574 97575 a42495 97573->97575 97574->97541 97619 a7011d InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 97575->97619 97577 a4249e 97620 a70944 CreateThread 97577->97620 97579 a424aa CloseHandle 97579->97572 97580->97543 97621 a013f1 97581->97621 97584 a013f1 22 API calls 97585 a013d0 97584->97585 97586 a0a961 22 API calls 97585->97586 97587 a013dc 97586->97587 97588 a06b57 22 API calls 97587->97588 97589 a01129 97588->97589 97590 a01bc3 6 API calls 97589->97590 97590->97548 97592 a0a961 22 API calls 97591->97592 97593 a0172c 97592->97593 97594 a0a961 22 API calls 97593->97594 97595 a01734 97594->97595 97596 a0a961 22 API calls 97595->97596 97597 a0174f 97596->97597 97598 a1fddb 22 API calls 97597->97598 97599 a0129c 97598->97599 97600 a01b4a 97599->97600 97601 a01b58 97600->97601 97602 a0a961 22 API calls 97601->97602 97603 a01b63 97602->97603 97604 a0a961 22 API calls 97603->97604 97605 a01b6e 97604->97605 97606 a0a961 22 API calls 97605->97606 97607 a01b79 97606->97607 97608 a0a961 22 API calls 97607->97608 97609 a01b84 97608->97609 97610 a1fddb 22 API calls 97609->97610 97611 a01b96 RegisterWindowMessageW 97610->97611 97611->97562 97613 a4272d 97612->97613 97614 a01abb 97612->97614 97628 a73209 23 API calls 97613->97628 97615 a1fddb 22 API calls 97614->97615 97618 a01ac3 97615->97618 97617 a42738 97618->97568 97619->97577 97620->97579 97629 a7092a 28 API calls 97620->97629 97622 a0a961 22 API calls 97621->97622 97623 a013fc 97622->97623 97624 a0a961 22 API calls 97623->97624 97625 a01404 97624->97625 97626 a0a961 22 API calls 97625->97626 97627 a013c6 97626->97627 97627->97584 97628->97617 96387 a0dee5 96390 a0b710 96387->96390 96391 a0b72b 96390->96391 96392 a50146 96391->96392 96393 a500f8 96391->96393 96420 a0b750 96391->96420 96456 a858a2 348 API calls 2 library calls 96392->96456 96396 a50102 96393->96396 
96399 a5010f 96393->96399 96393->96420 96454 a85d33 348 API calls 96396->96454 96416 a0ba20 96399->96416 96455 a861d0 348 API calls 2 library calls 96399->96455 96402 a503d9 96402->96402 96406 a0ba4e 96407 a50322 96469 a85c0c 82 API calls 96407->96469 96414 a1d336 40 API calls 96414->96420 96415 a0bbe0 40 API calls 96415->96420 96416->96406 96470 a7359c 82 API calls __wsopen_s 96416->96470 96420->96406 96420->96407 96420->96414 96420->96415 96420->96416 96421 a0ec40 96420->96421 96445 a0a81b 41 API calls 96420->96445 96446 a1d2f0 40 API calls 96420->96446 96447 a1a01b 348 API calls 96420->96447 96448 a20242 5 API calls __Init_thread_wait 96420->96448 96449 a1edcd 22 API calls 96420->96449 96450 a200a3 29 API calls __onexit 96420->96450 96451 a201f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96420->96451 96452 a1ee53 82 API calls 96420->96452 96453 a1e5ca 348 API calls 96420->96453 96457 a0aceb 96420->96457 96467 a5f6bf 23 API calls 96420->96467 96468 a0a8c7 22 API calls __fread_nolock 96420->96468 96427 a0ec76 messages 96421->96427 96422 a54beb 96538 a7359c 82 API calls __wsopen_s 96422->96538 96424 a1fddb 22 API calls 96424->96427 96425 a0fef7 96428 a0ed9d messages 96425->96428 96534 a0a8c7 22 API calls __fread_nolock 96425->96534 96427->96422 96427->96424 96427->96425 96427->96428 96429 a54600 96427->96429 96430 a54b0b 96427->96430 96434 a0a8c7 22 API calls 96427->96434 96437 a20242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 96427->96437 96438 a0fbe3 96427->96438 96439 a0a961 22 API calls 96427->96439 96441 a200a3 29 API calls pre_c_initialization 96427->96441 96443 a201f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 96427->96443 96444 a0f3ae messages 96427->96444 96471 a101e0 96427->96471 96532 a106a0 41 API calls messages 96427->96532 96428->96420 96429->96428 96533 a0a8c7 22 API calls __fread_nolock 96429->96533 96536 a7359c 82 API calls 
__wsopen_s 96430->96536 96434->96427 96437->96427 96438->96428 96440 a54bdc 96438->96440 96438->96444 96439->96427 96537 a7359c 82 API calls __wsopen_s 96440->96537 96441->96427 96443->96427 96444->96428 96535 a7359c 82 API calls __wsopen_s 96444->96535 96445->96420 96446->96420 96447->96420 96448->96420 96449->96420 96450->96420 96451->96420 96452->96420 96453->96420 96454->96399 96455->96416 96456->96420 96458 a0acf9 96457->96458 96466 a0ad2a messages 96457->96466 96459 a0ad55 96458->96459 96461 a0ad01 messages 96458->96461 96459->96466 96974 a0a8c7 22 API calls __fread_nolock 96459->96974 96462 a0ad21 96461->96462 96463 a4fa48 96461->96463 96461->96466 96464 a4fa3a VariantClear 96462->96464 96462->96466 96465 a1ce17 22 API calls 96463->96465 96463->96466 96464->96466 96465->96466 96466->96420 96467->96420 96468->96420 96469->96416 96470->96402 96472 a10206 96471->96472 96488 a1027e 96471->96488 96473 a10213 96472->96473 96474 a55411 96472->96474 96481 a55435 96473->96481 96484 a1021d 96473->96484 96612 a87b7e 348 API calls 2 library calls 96474->96612 96475 a55405 96611 a7359c 82 API calls __wsopen_s 96475->96611 96479 a55466 96482 a55471 96479->96482 96483 a55493 96479->96483 96480 a0ec40 348 API calls 96480->96488 96481->96479 96487 a5544d 96481->96487 96614 a87b7e 348 API calls 2 library calls 96482->96614 96539 a85689 96483->96539 96504 a10230 messages 96484->96504 96675 a0a8c7 22 API calls __fread_nolock 96484->96675 96486 a10405 96486->96427 96613 a7359c 82 API calls __wsopen_s 96487->96613 96488->96480 96488->96486 96494 a551b9 96488->96494 96507 a103f9 96488->96507 96514 a551ce messages 96488->96514 96515 a10344 96488->96515 96526 a103b2 messages 96488->96526 96492 a55332 96492->96504 96610 a0a8c7 22 API calls __fread_nolock 96492->96610 96607 a7359c 82 API calls __wsopen_s 96494->96607 96495 a5568a 96497 a556c0 96495->96497 96700 a87771 67 API calls 96495->96700 96503 a0aceb 23 API calls 96497->96503 96500 a55532 96615 a71119 22 API calls 96500->96615 
96529 a10273 messages 96503->96529 96504->96495 96504->96529 96676 a87632 54 API calls __wsopen_s 96504->96676 96505 a55668 96677 a07510 96505->96677 96506 a5569e 96509 a07510 53 API calls 96506->96509 96507->96486 96606 a7359c 82 API calls __wsopen_s 96507->96606 96525 a556a6 _wcslen 96509->96525 96512 a554b9 96546 a70acc 96512->96546 96513 a55544 96616 a0a673 22 API calls 96513->96616 96514->96526 96514->96529 96608 a7359c 82 API calls __wsopen_s 96514->96608 96515->96507 96605 a104f0 22 API calls 96515->96605 96519 a103a5 96519->96507 96519->96526 96521 a5554d 96528 a70acc 22 API calls 96521->96528 96522 a55670 _wcslen 96522->96495 96523 a0aceb 23 API calls 96522->96523 96523->96495 96525->96497 96527 a0aceb 23 API calls 96525->96527 96526->96475 96526->96492 96526->96504 96526->96529 96609 a1a308 348 API calls 96526->96609 96527->96497 96530 a55566 96528->96530 96529->96427 96617 a0bf40 96530->96617 96532->96427 96533->96428 96534->96428 96535->96428 96536->96428 96537->96422 96538->96428 96540 a856a4 96539->96540 96545 a5549e 96539->96545 96541 a1fe0b 22 API calls 96540->96541 96543 a856c6 96541->96543 96542 a1fddb 22 API calls 96542->96543 96543->96542 96543->96545 96701 a70a59 96543->96701 96545->96500 96545->96512 96547 a554e3 96546->96547 96548 a70ada 96546->96548 96550 a11310 96547->96550 96548->96547 96549 a1fddb 22 API calls 96548->96549 96549->96547 96551 a117b0 96550->96551 96552 a11376 96550->96552 96748 a20242 5 API calls __Init_thread_wait 96551->96748 96554 a11390 96552->96554 96555 a56331 96552->96555 96705 a11940 96554->96705 96556 a5633d 96555->96556 96752 a8709c 348 API calls 96555->96752 96556->96504 96558 a117ba 96560 a117fb 96558->96560 96563 a09cb3 22 API calls 96558->96563 96565 a56346 96560->96565 96567 a1182c 96560->96567 96562 a11940 9 API calls 96564 a113b6 96562->96564 96571 a117d4 96563->96571 96564->96560 96566 a113ec 96564->96566 96753 a7359c 82 API calls __wsopen_s 96565->96753 96566->96565 96590 a11408 __fread_nolock 
96566->96590 96568 a0aceb 23 API calls 96567->96568 96570 a11839 96568->96570 96750 a1d217 348 API calls 96570->96750 96749 a201f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96571->96749 96574 a5636e 96754 a7359c 82 API calls __wsopen_s 96574->96754 96575 a1152f 96577 a563d1 96575->96577 96578 a1153c 96575->96578 96756 a85745 54 API calls _wcslen 96577->96756 96580 a11940 9 API calls 96578->96580 96581 a11549 96580->96581 96585 a11940 9 API calls 96581->96585 96595 a115c7 messages 96581->96595 96582 a1fddb 22 API calls 96582->96590 96583 a1fe0b 22 API calls 96583->96590 96584 a11872 96751 a1faeb 23 API calls 96584->96751 96593 a11563 96585->96593 96586 a1171d 96586->96504 96589 a0ec40 348 API calls 96589->96590 96590->96570 96590->96574 96590->96575 96590->96582 96590->96583 96590->96589 96591 a563b2 96590->96591 96590->96595 96755 a7359c 82 API calls __wsopen_s 96591->96755 96593->96595 96757 a0a8c7 22 API calls __fread_nolock 96593->96757 96594 a11940 9 API calls 96594->96595 96595->96584 96595->96594 96597 a1167b messages 96595->96597 96715 a1f645 96595->96715 96722 a8abf7 96595->96722 96727 a75c5a 96595->96727 96732 a8ab67 96595->96732 96735 a8a2ea 96595->96735 96740 a91591 96595->96740 96758 a7359c 82 API calls __wsopen_s 96595->96758 96597->96586 96743 a1ce17 96597->96743 96605->96519 96606->96529 96607->96514 96608->96526 96609->96526 96610->96504 96611->96474 96612->96504 96613->96529 96614->96504 96615->96513 96616->96521 96929 a0adf0 96617->96929 96619 a0bf9d 96620 a504b6 96619->96620 96621 a0bfa9 96619->96621 96946 a7359c 82 API calls __wsopen_s 96620->96946 96623 a504c6 96621->96623 96624 a0c01e 96621->96624 96947 a7359c 82 API calls __wsopen_s 96623->96947 96934 a0ac91 96624->96934 96628 a67120 22 API calls 96661 a0c039 __fread_nolock messages 96628->96661 96629 a0c7da 96633 a1fe0b 22 API calls 96629->96633 96630 a1fddb 22 API calls 96630->96661 96642 a0c808 __fread_nolock 96633->96642 96635 a504f5 96638 a5055a 96635->96638 96948 
a1d217 348 API calls 96635->96948 96674 a0c603 96638->96674 96949 a7359c 82 API calls __wsopen_s 96638->96949 96639 a0ec40 348 API calls 96639->96661 96640 a1fe0b 22 API calls 96667 a0c350 __fread_nolock messages 96640->96667 96641 a0af8a 22 API calls 96641->96661 96642->96640 96643 a5091a 96958 a73209 23 API calls 96643->96958 96646 a508a5 96647 a0ec40 348 API calls 96646->96647 96649 a508cf 96647->96649 96649->96674 96956 a0a81b 41 API calls 96649->96956 96650 a50591 96950 a7359c 82 API calls __wsopen_s 96650->96950 96651 a508f6 96957 a7359c 82 API calls __wsopen_s 96651->96957 96656 a0bbe0 40 API calls 96656->96661 96657 a0c3ac 96657->96504 96658 a0aceb 23 API calls 96658->96661 96659 a0c237 96660 a0c253 96659->96660 96959 a0a8c7 22 API calls __fread_nolock 96659->96959 96664 a50976 96660->96664 96669 a0c297 messages 96660->96669 96661->96628 96661->96629 96661->96630 96661->96635 96661->96638 96661->96639 96661->96641 96661->96642 96661->96643 96661->96646 96661->96650 96661->96651 96661->96656 96661->96658 96661->96659 96662 a1fe0b 22 API calls 96661->96662 96668 a509bf 96661->96668 96661->96674 96938 a0ad81 96661->96938 96951 a67099 22 API calls __fread_nolock 96661->96951 96952 a85745 54 API calls _wcslen 96661->96952 96953 a1aa42 22 API calls messages 96661->96953 96954 a6f05c 40 API calls 96661->96954 96955 a0a993 41 API calls 96661->96955 96662->96661 96666 a0aceb 23 API calls 96664->96666 96665 a1ce17 22 API calls 96665->96667 96666->96668 96667->96657 96667->96665 96668->96674 96960 a7359c 82 API calls __wsopen_s 96668->96960 96669->96668 96670 a0aceb 23 API calls 96669->96670 96671 a0c335 96670->96671 96671->96668 96672 a0c342 96671->96672 96945 a0a704 22 API calls messages 96672->96945 96674->96504 96675->96504 96676->96505 96678 a07522 96677->96678 96679 a07525 96677->96679 96678->96522 96680 a0755b 96679->96680 96681 a0752d 96679->96681 96683 a450f6 96680->96683 96686 a0756d 96680->96686 96691 a4500f 96680->96691 96970 a251c6 26 API calls 
96681->96970 96973 a25183 26 API calls 96683->96973 96684 a0753d 96690 a1fddb 22 API calls 96684->96690 96971 a1fb21 51 API calls 96686->96971 96688 a4510e 96688->96688 96692 a07547 96690->96692 96694 a1fe0b 22 API calls 96691->96694 96699 a45088 96691->96699 96693 a09cb3 22 API calls 96692->96693 96693->96678 96696 a45058 96694->96696 96695 a1fddb 22 API calls 96697 a4507f 96695->96697 96696->96695 96698 a09cb3 22 API calls 96697->96698 96698->96699 96972 a1fb21 51 API calls 96699->96972 96700->96506 96702 a70a7a 96701->96702 96703 a70a85 96702->96703 96704 a1fddb 22 API calls 96702->96704 96703->96543 96704->96703 96706 a11981 96705->96706 96707 a1195d 96705->96707 96759 a20242 5 API calls __Init_thread_wait 96706->96759 96714 a113a0 96707->96714 96761 a20242 5 API calls __Init_thread_wait 96707->96761 96709 a1198b 96709->96707 96760 a201f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96709->96760 96711 a18727 96711->96714 96762 a201f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96711->96762 96714->96562 96763 a0b567 96715->96763 96717 a1f659 96718 a1f661 timeGetTime 96717->96718 96719 a5f2dc Sleep 96717->96719 96720 a0b567 39 API calls 96718->96720 96721 a1f677 96720->96721 96721->96595 96769 a8aff9 96722->96769 96724 a8ac54 96724->96595 96725 a8ac0c 96725->96724 96726 a0aceb 23 API calls 96725->96726 96726->96724 96728 a07510 53 API calls 96727->96728 96729 a75c6d 96728->96729 96891 a6dbbe lstrlenW 96729->96891 96731 a75c77 96731->96595 96733 a8aff9 217 API calls 96732->96733 96734 a8ab79 96733->96734 96734->96595 96736 a07510 53 API calls 96735->96736 96737 a8a306 96736->96737 96896 a6d4dc CreateToolhelp32Snapshot Process32FirstW 96737->96896 96739 a8a315 96739->96595 96917 a92ad8 96740->96917 96742 a9159f 96742->96595 96744 a1ce1f 96743->96744 96745 a1ce43 96744->96745 96928 a0b010 22 API calls messages 96744->96928 96745->96597 96747 a1ce2a messages 96747->96597 96748->96558 96749->96560 96750->96584 96751->96584 
96752->96556 96753->96595 96754->96595 96755->96595 96756->96593 96757->96595 96758->96595 96759->96709 96760->96707 96761->96711 96762->96714 96764 a0b578 96763->96764 96765 a0b57f 96763->96765 96764->96765 96768 a262d1 39 API calls _strftime 96764->96768 96765->96717 96767 a0b5c2 96767->96717 96768->96767 96770 a8b01d ___scrt_fastfail 96769->96770 96771 a8b058 96770->96771 96772 a8b094 96770->96772 96773 a0b567 39 API calls 96771->96773 96775 a0b567 39 API calls 96772->96775 96779 a8b08b 96772->96779 96776 a8b063 96773->96776 96774 a8b0ed 96777 a07510 53 API calls 96774->96777 96778 a8b0a5 96775->96778 96776->96779 96780 a0b567 39 API calls 96776->96780 96782 a8b10b 96777->96782 96783 a0b567 39 API calls 96778->96783 96779->96774 96781 a0b567 39 API calls 96779->96781 96784 a8b078 96780->96784 96781->96774 96860 a07620 96782->96860 96783->96779 96786 a0b567 39 API calls 96784->96786 96786->96779 96787 a8b115 96788 a8b1d8 96787->96788 96789 a8b11f 96787->96789 96790 a8b20a GetCurrentDirectoryW 96788->96790 96792 a07510 53 API calls 96788->96792 96791 a07510 53 API calls 96789->96791 96793 a1fe0b 22 API calls 96790->96793 96794 a8b130 96791->96794 96795 a8b1ef 96792->96795 96796 a8b22f GetCurrentDirectoryW 96793->96796 96797 a07620 22 API calls 96794->96797 96798 a07620 22 API calls 96795->96798 96799 a8b23c 96796->96799 96800 a8b13a 96797->96800 96801 a8b1f9 _wcslen 96798->96801 96803 a8b275 96799->96803 96867 a09c6e 22 API calls 96799->96867 96802 a07510 53 API calls 96800->96802 96801->96790 96801->96803 96804 a8b14b 96802->96804 96811 a8b28b 96803->96811 96812 a8b287 96803->96812 96806 a07620 22 API calls 96804->96806 96808 a8b155 96806->96808 96807 a8b255 96868 a09c6e 22 API calls 96807->96868 96810 a07510 53 API calls 96808->96810 96814 a8b166 96810->96814 96870 a707c0 10 API calls 96811->96870 96816 a8b2f8 96812->96816 96817 a8b39a CreateProcessW 96812->96817 96813 a8b265 96869 a09c6e 22 API calls 96813->96869 96819 a07620 22 API calls 96814->96819 96873 
a611c8 39 API calls 96816->96873 96839 a8b32f _wcslen 96817->96839 96822 a8b170 96819->96822 96820 a8b294 96871 a706e6 10 API calls 96820->96871 96825 a8b1a6 GetSystemDirectoryW 96822->96825 96830 a07510 53 API calls 96822->96830 96824 a8b2fd 96828 a8b32a 96824->96828 96829 a8b323 96824->96829 96827 a1fe0b 22 API calls 96825->96827 96826 a8b2aa 96872 a705a7 8 API calls 96826->96872 96833 a8b1cb GetSystemDirectoryW 96827->96833 96875 a614ce 6 API calls 96828->96875 96874 a61201 128 API calls 2 library calls 96829->96874 96835 a8b187 96830->96835 96832 a8b2d0 96832->96812 96833->96799 96838 a07620 22 API calls 96835->96838 96837 a8b328 96837->96839 96842 a8b191 _wcslen 96838->96842 96840 a8b42f CloseHandle 96839->96840 96841 a8b3d6 GetLastError 96839->96841 96843 a8b43f 96840->96843 96853 a8b49a 96840->96853 96849 a8b41a 96841->96849 96842->96799 96842->96825 96845 a8b451 96843->96845 96846 a8b446 CloseHandle 96843->96846 96847 a8b458 CloseHandle 96845->96847 96848 a8b463 96845->96848 96846->96845 96847->96848 96851 a8b46a CloseHandle 96848->96851 96852 a8b475 96848->96852 96864 a70175 96849->96864 96850 a8b4a6 96850->96849 96851->96852 96876 a709d9 34 API calls 96852->96876 96853->96850 96856 a8b4d2 CloseHandle 96853->96856 96856->96849 96858 a8b486 96877 a8b536 25 API calls 96858->96877 96861 a0762a _wcslen 96860->96861 96862 a1fe0b 22 API calls 96861->96862 96863 a0763f 96862->96863 96863->96787 96878 a7030f 96864->96878 96867->96807 96868->96813 96869->96803 96870->96820 96871->96826 96872->96832 96873->96824 96874->96837 96875->96839 96876->96858 96877->96853 96879 a70321 CloseHandle 96878->96879 96880 a70329 96878->96880 96879->96880 96881 a70336 96880->96881 96882 a7032e CloseHandle 96880->96882 96883 a70343 96881->96883 96884 a7033b CloseHandle 96881->96884 96882->96881 96885 a70350 96883->96885 96886 a70348 CloseHandle 96883->96886 96884->96883 96887 a70355 CloseHandle 96885->96887 96888 a7035d 96885->96888 96886->96885 96887->96888 96889 a70362 CloseHandle 
96888->96889 96890 a7017d 96888->96890 96889->96890 96890->96725 96892 a6dc06 96891->96892 96893 a6dbdc GetFileAttributesW 96891->96893 96892->96731 96893->96892 96894 a6dbe8 FindFirstFileW 96893->96894 96894->96892 96895 a6dbf9 FindClose 96894->96895 96895->96892 96906 a6def7 96896->96906 96898 a6d5db CloseHandle 96898->96739 96899 a6d529 Process32NextW 96899->96898 96905 a6d522 96899->96905 96900 a0a961 22 API calls 96900->96905 96901 a09cb3 22 API calls 96901->96905 96905->96898 96905->96899 96905->96900 96905->96901 96912 a0525f 22 API calls 96905->96912 96913 a06350 22 API calls 96905->96913 96914 a1ce60 41 API calls 96905->96914 96907 a6df02 96906->96907 96908 a6df19 96907->96908 96911 a6df1f 96907->96911 96915 a263b2 GetStringTypeW _strftime 96907->96915 96916 a262fb 39 API calls _strftime 96908->96916 96911->96905 96912->96905 96913->96905 96914->96905 96915->96907 96916->96911 96918 a0aceb 23 API calls 96917->96918 96919 a92af3 96918->96919 96920 a92b1d 96919->96920 96921 a92aff 96919->96921 96922 a06b57 22 API calls 96920->96922 96923 a07510 53 API calls 96921->96923 96924 a92b1b 96922->96924 96925 a92b0c 96923->96925 96924->96742 96925->96924 96927 a0a8c7 22 API calls __fread_nolock 96925->96927 96927->96924 96928->96747 96930 a0ae01 96929->96930 96933 a0ae1c messages 96929->96933 96931 a0aec9 22 API calls 96930->96931 96932 a0ae09 CharUpperBuffW 96931->96932 96932->96933 96933->96619 96936 a0acae 96934->96936 96935 a0acd1 96935->96661 96936->96935 96961 a7359c 82 API calls __wsopen_s 96936->96961 96939 a0ad92 96938->96939 96940 a4fadb 96938->96940 96941 a1fddb 22 API calls 96939->96941 96942 a0ad99 96941->96942 96962 a0adcd 96942->96962 96945->96667 96946->96623 96947->96674 96948->96638 96949->96674 96950->96674 96951->96661 96952->96661 96953->96661 96954->96661 96955->96661 96956->96651 96957->96674 96958->96659 96959->96660 96960->96674 96961->96935 96968 a0addd 96962->96968 96963 a0adb6 96963->96661 96964 a1fddb 22 API calls 96964->96968 96965 
a0a961 22 API calls 96965->96968 96967 a0adcd 22 API calls 96967->96968 96968->96963 96968->96964 96968->96965 96968->96967 96969 a0a8c7 22 API calls __fread_nolock 96968->96969 96969->96968 96970->96684 96971->96684 96972->96683 96973->96688 96974->96466 97630 a52a00 97646 a0d7b0 messages 97630->97646 97631 a0db11 PeekMessageW 97631->97646 97632 a0d807 GetInputState 97632->97631 97632->97646 97633 a51cbe TranslateAcceleratorW 97633->97646 97635 a0db8f PeekMessageW 97635->97646 97636 a0da04 timeGetTime 97636->97646 97637 a0db73 TranslateMessage DispatchMessageW 97637->97635 97638 a0dbaf Sleep 97638->97646 97639 a52b74 Sleep 97652 a52a51 97639->97652 97641 a51dda timeGetTime 97703 a1e300 23 API calls 97641->97703 97643 a6d4dc 47 API calls 97643->97652 97645 a52c0b GetExitCodeProcess 97648 a52c37 CloseHandle 97645->97648 97649 a52c21 WaitForSingleObject 97645->97649 97646->97631 97646->97632 97646->97633 97646->97635 97646->97636 97646->97637 97646->97638 97646->97639 97646->97641 97647 a0d9d5 97646->97647 97646->97652 97658 a0ec40 348 API calls 97646->97658 97659 a11310 348 API calls 97646->97659 97660 a0bf40 348 API calls 97646->97660 97662 a0dd50 97646->97662 97669 a0dfd0 97646->97669 97697 a1edf6 97646->97697 97702 a1e551 timeGetTime 97646->97702 97704 a73a2a 23 API calls 97646->97704 97705 a7359c 82 API calls __wsopen_s 97646->97705 97648->97652 97649->97646 97649->97648 97650 a929bf GetForegroundWindow 97650->97652 97652->97643 97652->97645 97652->97646 97652->97647 97652->97650 97653 a52ca9 Sleep 97652->97653 97706 a85658 23 API calls 97652->97706 97707 a6e97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 97652->97707 97708 a1e551 timeGetTime 97652->97708 97653->97646 97658->97646 97659->97646 97660->97646 97663 a0dd83 97662->97663 97664 a0dd6f 97662->97664 97741 a7359c 82 API calls __wsopen_s 97663->97741 97709 a0d260 97664->97709 97666 a0dd7a 97666->97646 97668 a52f75 97668->97668 97670 a0e010 97669->97670 97671 a52f7a 
97670->97671 97674 a0e075 97670->97674 97672 a0ec40 348 API calls 97671->97672 97673 a52f8c 97672->97673 97690 a0e0dc messages 97673->97690 97751 a7359c 82 API calls __wsopen_s 97673->97751 97674->97690 97752 a20242 5 API calls __Init_thread_wait 97674->97752 97678 a52fca 97680 a0a961 22 API calls 97678->97680 97678->97690 97679 a0a961 22 API calls 97679->97690 97683 a52fe4 97680->97683 97753 a200a3 29 API calls __onexit 97683->97753 97685 a52fee 97754 a201f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 97685->97754 97690->97679 97691 a7359c 82 API calls 97690->97691 97692 a0ec40 348 API calls 97690->97692 97693 a0e3e1 97690->97693 97694 a104f0 22 API calls 97690->97694 97748 a0a8c7 22 API calls __fread_nolock 97690->97748 97749 a0a81b 41 API calls 97690->97749 97750 a1a308 348 API calls 97690->97750 97755 a20242 5 API calls __Init_thread_wait 97690->97755 97756 a200a3 29 API calls __onexit 97690->97756 97757 a201f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 97690->97757 97758 a847d4 348 API calls 97690->97758 97759 a868c1 348 API calls 97690->97759 97691->97690 97692->97690 97693->97646 97694->97690 97698 a1ee09 97697->97698 97699 a1ee12 97697->97699 97698->97646 97699->97698 97700 a1ee36 IsDialogMessageW 97699->97700 97701 a5efaf GetClassLongW 97699->97701 97700->97698 97700->97699 97701->97699 97701->97700 97702->97646 97703->97646 97704->97646 97705->97646 97706->97652 97707->97652 97708->97652 97710 a0ec40 348 API calls 97709->97710 97713 a0d29d 97710->97713 97711 a0d30b messages 97711->97666 97713->97711 97714 a0d3c3 97713->97714 97719 a0d6d5 97713->97719 97721 a0d4b8 97713->97721 97726 a51bc4 97713->97726 97730 a1fddb 22 API calls 97713->97730 97736 a0d429 __fread_nolock messages 97713->97736 97716 a0d3ce 97714->97716 97714->97719 97715 a0d5ff 97717 a51bb5 97715->97717 97718 a0d614 97715->97718 97720 a1fddb 22 API calls 97716->97720 97746 a85705 23 API calls 97717->97746 97723 a1fddb 22 API calls 97718->97723 97719->97711 
97724 a1fe0b 22 API calls 97719->97724 97729 a0d3d5 __fread_nolock 97720->97729 97725 a1fe0b 22 API calls 97721->97725 97733 a0d46a 97723->97733 97724->97729 97725->97736 97747 a7359c 82 API calls __wsopen_s 97726->97747 97727 a1fddb 22 API calls 97728 a0d3f6 97727->97728 97728->97736 97742 a0bec0 348 API calls 97728->97742 97729->97727 97729->97728 97730->97713 97732 a51ba4 97745 a7359c 82 API calls __wsopen_s 97732->97745 97733->97666 97735 a01f6f 348 API calls 97735->97736 97736->97715 97736->97732 97736->97733 97736->97735 97737 a51b7f 97736->97737 97739 a51b5d 97736->97739 97744 a7359c 82 API calls __wsopen_s 97737->97744 97743 a7359c 82 API calls __wsopen_s 97739->97743 97741->97668 97742->97736 97743->97733 97744->97733 97745->97733 97746->97726 97747->97711 97748->97690 97749->97690 97750->97690 97751->97690 97752->97678 97753->97685 97754->97690 97755->97690 97756->97690 97757->97690 97758->97690 97759->97690 97760 a42402 97763 a01410 97760->97763 97764 a424b8 DestroyWindow 97763->97764 97765 a0144f mciSendStringW 97763->97765 97778 a424c4 97764->97778 97766 a016c6 97765->97766 97767 a0146b 97765->97767 97766->97767 97769 a016d5 UnregisterHotKey 97766->97769 97768 a01479 97767->97768 97767->97778 97796 a0182e 97768->97796 97769->97766 97771 a42509 97777 a4251c FreeLibrary 97771->97777 97779 a4252d 97771->97779 97772 a424e2 FindClose 97772->97778 97773 a424d8 97773->97778 97802 a06246 CloseHandle 97773->97802 97776 a0148e 97776->97779 97784 a0149c 97776->97784 97777->97771 97778->97771 97778->97772 97778->97773 97780 a42541 VirtualFree 97779->97780 97787 a01509 97779->97787 97780->97779 97781 a014f8 CoUninitialize 97781->97787 97782 a01514 97786 a01524 97782->97786 97783 a42589 97789 a42598 messages 97783->97789 97803 a732eb 6 API calls messages 97783->97803 97784->97781 97800 a01944 VirtualFreeEx CloseHandle 97786->97800 97787->97782 97787->97783 97792 a42627 97789->97792 97804 a664d4 22 API calls messages 97789->97804 97791 a0153a 97791->97789 97793 

Control-flow Graph

[Figure: control-flow graph. Legend: Executed, Not Executed]
APIs
• GetVersionExW.KERNEL32(?), ref: 00A0430D
  • Part of subcall function 00A06B57: _wcslen.LIBCMT ref: 00A06B6A
• GetCurrentProcess.KERNEL32(?,00A9CB64,00000000,?,?), ref: 00A04422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00A04429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00A04454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00A04466
• GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00A04474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 00A0447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 00A044A0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: 8cd282573c20b1cb25f2662c8b1f91d790d9cdebe8de93b35e865463aaae15f2
• Instruction ID: 0aa2a0d01a97b9c341f31f59668bd33e645e84415fdd03b614e67b8c30de02f4
• Opcode Fuzzy Hash: 8cd282573c20b1cb25f2662c8b1f91d790d9cdebe8de93b35e865463aaae15f2
• Instruction Fuzzy Hash: 9DA1C7B690B3C4FFCB91C7E9BC851957FA5BB66700B18489BD0839FA62D2314607DB21

Control-flow Graph

[Figure: control-flow graph. Legend: Executed, Not Executed]
APIs
• CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00A050AA,?,?,00000000,00000000), ref: 00A042B2
• FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00A050AA,?,?,00000000,00000000), ref: 00A042C9
• LoadResource.KERNEL32(?,00000000,?,?,00A050AA,?,?,00000000,00000000,?,?,?,?,?,?,00A04F20), ref: 00A435BE
• SizeofResource.KERNEL32(?,00000000,?,?,00A050AA,?,?,00000000,00000000,?,?,?,?,?,?,00A04F20), ref: 00A435D3
• LockResource.KERNEL32(00A050AA,?,?,00A050AA,?,?,00000000,00000000,?,?,?,?,?,?,00A04F20,?), ref: 00A435E6
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                                                                                                                                                                                                            • String ID: SCRIPT
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3051347437-3967369404
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ed765d32bc0aea1134e4fddaa50086afb962de5f54753b80cf991f106787959d
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 56e3dcd90e2db2b343185272d30b45b7a82242fd7a44860966bff67439a31f8f
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ed765d32bc0aea1134e4fddaa50086afb962de5f54753b80cf991f106787959d
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A0117CB1300B04BFDB219BA5EC48FA77BB9FBC9B61F10816AB502D6290DF71D8018630

                                                                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00A02B6B
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A03A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00AD1418,?,00A02E7F,?,?,?,00000000), ref: 00A03A78
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD
                                                                                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32(runas,?,?,?,?,?,00AC2224), ref: 00A42C10
                                                                                                                                                                                                                                                                                                                                                                            • ShellExecuteW.SHELL32(00000000,?,?,00AC2224), ref: 00A42C17
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID: runas
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 448630720-4000483414
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5955b0bbcfa2c4f5064367bfcd30b456dc27a4be359f8a431b505e946bbc1dc0
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 4addac14d7e714eb3e080a56ebbb206201f5d3d7acee7dc071272eb307f48769
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5955b0bbcfa2c4f5064367bfcd30b456dc27a4be359f8a431b505e946bbc1dc0
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 661106726083496ACB04FFA0FA56FBE77A8AB91350F44082EF142460E3CF20894AC713
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 00A6D501
                                                                                                                                                                                                                                                                                                                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 00A6D50F
                                                                                                                                                                                                                                                                                                                                                                            • Process32NextW.KERNEL32(00000000,?), ref: 00A6D52F
                                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00A6D5DC
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 420147892-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 28f2203f660066931b1cd981e7e50da21a87ddac7c24b14eb775101ec4640758
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 1335366f8ca703f128c0beba125ffc1aaea47c3eb4d5ec1cd84c5f273508bdb4
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 28f2203f660066931b1cd981e7e50da21a87ddac7c24b14eb775101ec4640758
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F531D6716083049FD300EF54D981AAFBBF8EF99394F10052DF586871A2EB719949CB93
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,00A45222), ref: 00A6DBCE
                                                                                                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?), ref: 00A6DBDD
                                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00A6DBEE
                                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00A6DBFA
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2695905019-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 603aa57ad865e6e841f1c8c53b61d2cc40d70e5a85308f10d7ad3b7564e6e096
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 65f20fd1c38f7ddf6431b170db26d7884c4988c7a23b32a6f09825ed7394703e
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 603aa57ad865e6e841f1c8c53b61d2cc40d70e5a85308f10d7ad3b7564e6e096
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C5F0A030A10D1867C320EBB8AC0D8AA377C9E01374B504703F836C20E0EFB1599686D9
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: LocalTime
                                                                                                                                                                                                                                                                                                                                                                            • String ID: %.3d$X64
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 481472006-1077770165
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f264dc80c6e4682e0c26db7d3d8b485839ded9839aa4c1a1d2c55aff02363b54
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 63d8794a266382741623f6c7ec0710268c3749f257e3f5c28f0c7827c811e36e
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f264dc80c6e4682e0c26db7d3d8b485839ded9839aa4c1a1d2c55aff02363b54
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E8D012B580C148FDCB6097D0CC459FDB37CBB08302F508456FC0691040D634D54CAB61
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00A328E9,?,00A24CBE,00A328E9,00AC88B8,0000000C,00A24E15,00A328E9,00000002,00000000,?,00A328E9), ref: 00A24D09
                                                                                                                                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,00A24CBE,00A328E9,00AC88B8,0000000C,00A24E15,00A328E9,00000002,00000000,?,00A328E9), ref: 00A24D10
                                                                                                                                                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00A24D22
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 126e1dd148babfd75b9267349d2a82e3e74085b8b53b6f2afc1a612bcf5ce0b5
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e9d1ef9cc7db0d978f3f9defd79c9875ef7eac0cdb6d452a727b7428d7a368d2
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 126e1dd148babfd75b9267349d2a82e3e74085b8b53b6f2afc1a612bcf5ce0b5
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4DE0B631104558AFCF11AF98EE0AA597B69EB45B91F104025FC098B122CB35DD42CA90
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetUserNameW.ADVAPI32(?,?), ref: 00A5D28C
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: NameUser
                                                                                                                                                                                                                                                                                                                                                                            • String ID: X64
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2645101109-893830106
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5ee545017074bcae45b77ad35fab3d917c6e5ee2944ef94992ee6d22a4ffddfb
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 347d2718970737e2d56fb52caff8ad8fd72409345c49f9bf3566ceb7775e59ac
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5ee545017074bcae45b77ad35fab3d917c6e5ee2944ef94992ee6d22a4ffddfb
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7FD0CAB480112DEECBA0CBA0EC88DDEB3BCBB08306F100292F506A2000DB7096898F20

                                                                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A8B198
                                                                                                                                                                                                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00A8B1B0
                                                                                                                                                                                                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00A8B1D4
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A8B200
                                                                                                                                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00A8B214
                                                                                                                                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00A8B236
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A8B332
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A705A7: GetStdHandle.KERNEL32(000000F6), ref: 00A705C6
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A8B34B
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A8B366
                                                                                                                                                                                                                                                                                                                                                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00A8B3B6
                                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000), ref: 00A8B407
                                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00A8B439
                                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00A8B44A
                                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00A8B45C
                                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00A8B46E
                                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00A8B4E3
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2178637699-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5721b2dce002127d71d760088a1908c80fe3927c9e641638f18c628a91a16c90
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9c594a20fd0c0362a1a5eea7478b4a0fd5183cc532816647ac8d98493386ab99
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5721b2dce002127d71d760088a1908c80fe3927c9e641638f18c628a91a16c90
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EEF1AE316183409FCB14EF24D991B6FBBE1AF85314F14855DF49A9B2A2DB31EC41CB62
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetInputState.USER32 ref: 00A0D807
                                                                                                                                                                                                                                                                                                                                                                            • timeGetTime.WINMM ref: 00A0DA07
                                                                                                                                                                                                                                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A0DB28
                                                                                                                                                                                                                                                                                                                                                                            • TranslateMessage.USER32(?), ref: 00A0DB7B
                                                                                                                                                                                                                                                                                                                                                                            • DispatchMessageW.USER32(?), ref: 00A0DB89
                                                                                                                                                                                                                                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A0DB9F
                                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(0000000A), ref: 00A0DBB1
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2189390790-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6d76917a687274315e8eafe3f8174fcefe19fce18e696a416ec90a212febd9b1
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 1bf6ef4873c5ae23f5a9e190bb3ad8d046ccdd1e3d82c6a06966152c7034f800
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6d76917a687274315e8eafe3f8174fcefe19fce18e696a416ec90a212febd9b1
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BC42F131608345EFD728CF64D844BAAB7F0BF46354F148A1EE956872D1D770E889CB92

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00A02D07
• RegisterClassExW.USER32(00000030), ref: 00A02D31
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00A02D42
• InitCommonControlsEx.COMCTL32(?), ref: 00A02D5F
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00A02D6F
• LoadIconW.USER32(000000A9), ref: 00A02D85
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00A02D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$AutoIt v3 GUI$TaskbarCreated
• API String ID: 2914291525-1005189915
• Opcode ID: eb97f9ceaa05f5f9a94a19c81fc10b12ce4a3a033591be1f9b5dc862c129dd96
• Instruction ID: 63d1dabe4cbacc2aa871bd7113aa53a19cb545fc6d5e817957ca7e7c7c81689d
• Opcode Fuzzy Hash: eb97f9ceaa05f5f9a94a19c81fc10b12ce4a3a033591be1f9b5dc862c129dd96
• Instruction Fuzzy Hash: 4221C3B5A02218AFDB00DFE4E859BDDBBB8FB08714F00411BF512A62A0DBB14546CF91

Control-flow Graph

APIs
  • Part of subcall function 00A4039A: CreateFileW.KERNEL32(00000000,00000000,?,00A40704,?,?,00000000,?,00A40704,00000000,0000000C), ref: 00A403B7
• GetLastError.KERNEL32 ref: 00A4076F
• __dosmaperr.LIBCMT ref: 00A40776
• GetFileType.KERNEL32(00000000), ref: 00A40782
• GetLastError.KERNEL32 ref: 00A4078C
• __dosmaperr.LIBCMT ref: 00A40795
• CloseHandle.KERNEL32(00000000), ref: 00A407B5
• CloseHandle.KERNEL32(?), ref: 00A408FF
• GetLastError.KERNEL32 ref: 00A40931
• __dosmaperr.LIBCMT ref: 00A40938
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H
• API String ID: 4237864984-2852464175
• Opcode ID: 69d9b53fb7ba589f5b0887b657d17be500d55ab258608d5fddc8ae536f6ef5fe
• Instruction ID: 4dfd296709553267e007aca3668e0f0c41b9e221fe0ada27c743bd018043e6e0
• Opcode Fuzzy Hash: 69d9b53fb7ba589f5b0887b657d17be500d55ab258608d5fddc8ae536f6ef5fe
• Instruction Fuzzy Hash: 33A1273AA005048FDF19EF78D951FAE7BB0EB86320F24015AF9119F292DB359813DB91

Control-flow Graph

APIs
  • Part of subcall function 00A03A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00AD1418,?,00A02E7F,?,?,?,00000000), ref: 00A03A78
  • Part of subcall function 00A03357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00A03379
• RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00A0356A
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00A4318D
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00A431CE
• RegCloseKey.ADVAPI32(?), ref: 00A43210
• _wcslen.LIBCMT ref: 00A43277
• _wcslen.LIBCMT ref: 00A43286
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                                                                                                                                                                                                                                                                                            • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 98802146-2727554177

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00A02B8E
• LoadCursorW.USER32(00000000,00007F00), ref: 00A02B9D
• LoadIconW.USER32(00000063), ref: 00A02BB3
• LoadIconW.USER32(000000A4), ref: 00A02BC5
• LoadIconW.USER32(000000A2), ref: 00A02BD7
• LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00A02BEF
• RegisterClassExW.USER32(?), ref: 00A02C40
  • Part of subcall function 00A02CD4: GetSysColorBrush.USER32(0000000F), ref: 00A02D07
  • Part of subcall function 00A02CD4: RegisterClassExW.USER32(00000030), ref: 00A02D31
  • Part of subcall function 00A02CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00A02D42
  • Part of subcall function 00A02CD4: InitCommonControlsEx.COMCTL32(?), ref: 00A02D5F
  • Part of subcall function 00A02CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00A02D6F
  • Part of subcall function 00A02CD4: LoadIconW.USER32(000000A9), ref: 00A02D85
  • Part of subcall function 00A02CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00A02D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
• String ID: #$0$AutoIt v3
• API String ID: 423443420-4155596026

Control-flow Graph (legend: Executed / Not Executed)

APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00A0316A,?,?), ref: 00A031D8
• KillTimer.USER32(?,00000001,?,?,?,?,?,00A0316A,?,?), ref: 00A03204
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00A03227
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00A0316A,?,?), ref: 00A03232
• CreatePopupMenu.USER32 ref: 00A03246
• PostQuitMessage.USER32(00000000), ref: 00A03267
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
• String ID: TaskbarCreated
• API String ID: 129472671-2362178303

                                                                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00A01459
                                                                                                                                                                                                                                                                                                                                                                            • CoUninitialize.COMBASE ref: 00A014F8
                                                                                                                                                                                                                                                                                                                                                                            • UnregisterHotKey.USER32(?), ref: 00A016DD
                                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 00A424B9
                                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?), ref: 00A4251E
                                                                                                                                                                                                                                                                                                                                                                            • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00A4254B
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                                                                                                                                                                                                                            • String ID: close all
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 469580280-3243417748
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 69593a626b5525b75fef37c49621eeaeac8bf61113ff1e020755220c63bc0d5a
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b828d68ff5682bff27a73075514f4e06f8ca88394151b018a780492faf5370f8
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 69593a626b5525b75fef37c49621eeaeac8bf61113ff1e020755220c63bc0d5a
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 04D1AD35701212CFCB19EF14D995BA9F7A0BF44310F5582ADF44A6B2A2DB31AC12CF91

                                                                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                                                                                                                                                                            • String ID: 0.0.0.0
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 642191829-3771769585
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5420431222c7687a815dff47b3e9096249dea38acfb38d852345f557392d8875
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 971a7e5abc011dc7ba39e423440b05414e094c37137c2bbe25a3c90eaed40b68
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5420431222c7687a815dff47b3e9096249dea38acfb38d852345f557392d8875
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E611EC71A04114BFCB20EB64DD4AEDE77BCDF15761F01017AF545EA091EFB18A818A90

                                                                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                            control_flow_graph 827 a02c63-a02cd3 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00A02C91
                                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00A02CB2
                                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,00A01CAD,?), ref: 00A02CC6
                                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,00A01CAD,?), ref: 00A02CCF
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                                                                                                                            • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1584632944-3779509399
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a578df43ee5a7b468df13870cb5dfae2e213d66e7748eeaa3f5a0c2968e53501
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8956243da50682672bda2516b448a0ba84e2d289232c7beb0ce66f754cdb3823
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a578df43ee5a7b468df13870cb5dfae2e213d66e7748eeaa3f5a0c2968e53501
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C4F0DA796412907BEB719797AC0CEB73FBDD7C6F60B00005BF905AA5A0D6611852DAB0

                                                                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                            control_flow_graph 978 a03b1c-a03b27 979 a03b99-a03b9b 978->979 980 a03b29-a03b2e 978->980 981 a03b8c-a03b8f 979->981 980->979 982 a03b30-a03b48 RegOpenKeyExW 980->982 982->979 983 a03b4a-a03b69 RegQueryValueExW 982->983 984 a03b80-a03b8b RegCloseKey 983->984 985 a03b6b-a03b76 983->985 984->981 986 a03b90-a03b97 985->986 987 a03b78-a03b7a 985->987 988 a03b7e 986->988 987->988 988->984
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00A03B0F,SwapMouseButtons,00000004,?), ref: 00A03B40
                                                                                                                                                                                                                                                                                                                                                                            • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00A03B0F,SwapMouseButtons,00000004,?), ref: 00A03B61
                                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00A03B0F,SwapMouseButtons,00000004,?), ref: 00A03B83
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                                                                                                            • String ID: Control Panel\Mouse
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3677997916-824357125
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ba0cd34bb398f5cc06e916466c6fa855d66f601926580bcb18415a859323f586
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 871ab383ea39851247695e35cf4392e119709e1d1bd33380329126ccbd5af492
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ba0cd34bb398f5cc06e916466c6fa855d66f601926580bcb18415a859323f586
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1F112AB6610208FFDF20CFA5EC85AAEBBBCEF05758B10445AA806D7150E6719E459760

                                                                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                            control_flow_graph 989 a5d3a0-a5d3a9 990 a5d376-a5d37b 989->990 991 a5d3ab-a5d3b7 989->991 992 a5d292-a5d2a8 990->992 993 a5d3c9 991->993 994 a5d3b9-a5d3c7 GetProcAddress 991->994 997 a5d2a9 992->997 995 a5d3ce-a5d3de 993->995 994->993 994->995 995->992 999 a5d3e4-a5d3eb FreeLibrary 995->999 997->997 999->992
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 00A5D3BF
                                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32 ref: 00A5D3E5
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                                                                                                                                            • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3013587201-2590602151
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 8e1b97ad67c44b68ab9271633eea0f70f9719315e563c5d71f448c495ee179e0
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3e0bc4b28803f2c5a4e62c4305db1691dd366971bda1c3f12bc4add7b3399a46
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8e1b97ad67c44b68ab9271633eea0f70f9719315e563c5d71f448c495ee179e0
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6AF0E571505B11ABD77597108C489EE7228BF10B23F60865AF817E90A9EB70C98DCA96
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            • Variable must be of type 'Object'., xrefs: 00A532B7
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                                            • String ID: Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-109567571
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 00A0FE66
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00A433A2
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A06B57: _wcslen.LIBCMT ref: 00A06B6A
                                                                                                                                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00A03A04
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID: Line:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2289894680-1585850449
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00A20668
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A232A4: RaiseException.KERNEL32(?,?,?,00A2068A,?,00AD1444,?,?,?,?,?,?,00A2068A,00A01129,00AC8738,00A01129), ref: 00A23304
                                                                                                                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00A20685
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                                                                                                                            • String ID: Unknown exception
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A01BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00A01BF4
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A01BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00A01BFC
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A01BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00A01C07
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A01BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00A01C12
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A01BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00A01C1A
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A01BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00A01C22
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A01B4A: RegisterWindowMessageW.USER32(00000004,?,00A012C4), ref: 00A01BA2
                                                                                                                                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00A0136A
                                                                                                                                                                                                                                                                                                                                                                            • OleInitialize.OLE32 ref: 00A01388
                                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000), ref: 00A424AB
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1986988660-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a8e082225535615d434cb5be8e87aeda4490235b8c4baf011e8a75e4fd5a7443
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: c87d053c80840732456209aabc0b01ae1909ea73c51b31732c3577f3c8af908a
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a8e082225535615d434cb5be8e87aeda4490235b8c4baf011e8a75e4fd5a7443
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C0718BB4A12304AFC784EFF9BA456993BE1FB89354754826BD41BC73A2EB384442CF51
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A03923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00A03A04
                                                                                                                                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00A6C259
                                                                                                                                                                                                                                                                                                                                                                            • KillTimer.USER32(?,00000001,?,?), ref: 00A6C261
                                                                                                                                                                                                                                                                                                                                                                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00A6C270
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3500052701-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 0bd6369bcaa68d0f2f1a3f17f33334f6e8940371c1eafa8bb69316192e8ae4b0
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: d63afa22550d45b5d86e4fc41deaf59edba9e585cc9dfd2e61bdfc22742088e2
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0bd6369bcaa68d0f2f1a3f17f33334f6e8940371c1eafa8bb69316192e8ae4b0
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7331C370A04344AFEB22DFB488A5BE7BBFC9F06314F00049AD6EA97241C7745A85CB51
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000,?,?,00A385CC,?,00AC8CC8,0000000C), ref: 00A38704
                                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00A385CC,?,00AC8CC8,0000000C), ref: 00A3870E
                                                                                                                                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00A38739
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2583163307-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2434f71c894c25b0831c346bf7a39889eaeaf0552f31f72b64b77810e43bbe06
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: d003ac3d34d1d1b2258ec764d9119dcffc71e57fd258b6187af31ce948dab4df
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2434f71c894c25b0831c346bf7a39889eaeaf0552f31f72b64b77810e43bbe06
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B5014E32A0572017D634A378AA47B7E77594B82774F39011AF8158F1D2DFA8CC819150
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • TranslateMessage.USER32(?), ref: 00A0DB7B
                                                                                                                                                                                                                                                                                                                                                                            • DispatchMessageW.USER32(?), ref: 00A0DB89
                                                                                                                                                                                                                                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A0DB9F
                                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(0000000A), ref: 00A0DBB1
                                                                                                                                                                                                                                                                                                                                                                            • TranslateAcceleratorW.USER32(?,?,?), ref: 00A51CC9
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3288985973-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 00A117F6
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                            • String ID: CALL
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1385522511-4196123274
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetOpenFileNameW.COMDLG32(?), ref: 00A42C8C
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A03AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A03A97,?,?,00A02E7F,?,?,?,00000000), ref: 00A03AC2
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A02DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00A02DC4
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                                                                                                                                            • String ID: X
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 779396738-3081909835
APIs
• GetComputerNameW.KERNEL32(?,?), ref: 00A5D375
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: ComputerName
• String ID: X64
• API String ID: 3545744682-893830106
APIs
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 00A03908
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
APIs
• timeGetTime.WINMM ref: 00A1F661
  • Part of subcall function 00A0D730: GetInputState.USER32 ref: 00A0D807
• Sleep.KERNEL32(00000000), ref: 00A5F2DE
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: InputSleepStateTimetime
• String ID:
• API String ID: 4149333218-0
APIs
• __Init_thread_footer.LIBCMT ref: 00A0BB4E
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: Init_thread_footer
• String ID:
• API String ID: 1385522511-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 43a5c369b3535a8bc1f38fd2f135f27c0e1ca710ae30a0f0e2980e89cb7f6e3b
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: dc9bb8fdad118009101db8e4f8cef920027d5073e1264be89f394108f4b68412
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 43a5c369b3535a8bc1f38fd2f135f27c0e1ca710ae30a0f0e2980e89cb7f6e3b
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AB32AB34A00209AFDB24CF54DA94FBEB7B5FF44350F14805AED16AB2A1C774AD85CBA1
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: cfe0ea5b852e2d19d92ecc686af60cad8a5f5b350c68cbfa1dadf9b7bafe1366
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8f4f8f250ffb8c87782022166decff8ccd4c9e503be1a9f1e3fd8776db468569
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cfe0ea5b852e2d19d92ecc686af60cad8a5f5b350c68cbfa1dadf9b7bafe1366
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F332B071900209DFCB10DF94E891BBEBBB0FF09314F148169ED5AAB391D735A985CB92
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A04E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A04EDD,?,00AD1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A04E9C
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A04E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00A04EAE
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A04E90: FreeLibrary.KERNEL32(00000000,?,?,00A04EDD,?,00AD1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A04EC0
                                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00AD1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A04EFD
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A04E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A43CDE,?,00AD1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A04E62
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A04E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00A04E74
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A04E59: FreeLibrary.KERNEL32(00000000,?,?,00A43CDE,?,00AD1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A04E87
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2632591731-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6dbbd94a9f81de633b3a1073c944fd0fc8d4d2eaaecc9b27d007d07c18ed3b5b
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 51af687baab1a4e265d43a19a9ccde6316dee1904ea769521e1c3d6f09c06a2e
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6dbbd94a9f81de633b3a1073c944fd0fc8d4d2eaaecc9b27d007d07c18ed3b5b
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3D11E7B261020AABDF14FF74EE02FED77A5BF44B11F10842DF642A61C1DEB09A459B50
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: __wsopen_s
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3347428461-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6067391b432d3a65a3503174865d37e02bb296c47430cdffa929088eed8ed083
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8caa7f04de6f9bca9a4e606dd1f22b824634d11c0e2dbac7f9453d4c0d02c4e3
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6067391b432d3a65a3503174865d37e02bb296c47430cdffa929088eed8ed083
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1311187590420AAFCF15DF58E94199A7BF5EF48314F104059F809AB312DB31DA11CBA5
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A34C7D: RtlAllocateHeap.NTDLL(00000008,00A01129,00000000,?,00A32E29,00000001,00000364,?,?,?,00A2F2DE,00A33863,00AD1444,?,00A1FDF5,?), ref: 00A34CBE
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A3506C
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: AllocateHeap_free
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 614378929-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b2c24828e38c2ed506c9e865214fb86f48b376f2cf44834c5af2dc373c3923db
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C80126726047046FE3258F69D881A5AFBE8FB8A370F25052DF18483280EA31A905C7B4
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9c3f92c0cf512e1e242c298e024df341261f17db75382bc530039d325ca09794
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D4F0F432511A309AD6317B6DBE05B5A33A89F52331F100735F420921D2DB78E84186A5
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000008,00A01129,00000000,?,00A32E29,00000001,00000364,?,?,?,00A2F2DE,00A33863,00AD1444,?,00A1FDF5,?), ref: 00A34CBE
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5b3aa29fae8fe67d7b2279643040e8ba6611307cb3af66efa0a6ca550fd9b0c6
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7d8ede30a5df55f3ae94b2d896cce3c0afe41a6f439cba7269bd02396d5b5e7c
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5b3aa29fae8fe67d7b2279643040e8ba6611307cb3af66efa0a6ca550fd9b0c6
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 53F0E93160773467DB215F66AD05B5A3798FF497B0F155122F815AA191CE70FC0246E0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,00AD1444,?,00A1FDF5,?,?,00A0A976,00000010,00AD1440,00A013FC,?,00A013C6,?,00A01129), ref: 00A33852
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: cd0c2e17f553a931beaea1b13148318f31d99ff627ab20c1806e71635e7b3b5f
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: d37f692ec18d1e0c89c1b403ea44a783e591a11daedd38ab7867de807c1cf630
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cd0c2e17f553a931beaea1b13148318f31d99ff627ab20c1806e71635e7b3b5f
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2BE0E53310A234A6EE212BBBAD01B9A3758AF427B0F150131BC05964A0CB10DD0282E4
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,00AD1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A04F6D
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3664257935-0
APIs
• IsWindow.USER32(00000000), ref: 00A92A66
Similarity
• API ID: Window
• String ID:
• API String ID: 2353593579-0
APIs
• Shell_NotifyIconW.SHELL32(00000002,?), ref: 00A0314E
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
APIs
• GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00A02DC4
  • Part of subcall function 00A06B57: _wcslen.LIBCMT ref: 00A06B6A
Similarity
• API ID: LongNamePath_wcslen
• String ID:
• API String ID: 541455249-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A03837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00A03908
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A0D730: GetInputState.USER32 ref: 00A0D807
                                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00A02B6B
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A030F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00A0314E
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 00A6DF40
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A06B57: _wcslen.LIBCMT ref: 00A06B6A
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(00000000,00000000,?,00A40704,?,?,00000000,?,00A40704,00000000,0000000C), ref: 00A403B7
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00A01CBC
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A19BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A19BB2
                                                                                                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00A9961A
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00A9965B
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00A9969F
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00A996C9
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 00A996F2
                                                                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000011), ref: 00A9978B
                                                                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000009), ref: 00A99798
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00A997AE
                                                                                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000010), ref: 00A997B8
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00A997E9
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 00A99810
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001030,?,00A97E95), ref: 00A99918
                                                                                                                                                                                                                                                                                                                                                                            • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00A9992E
                                                                                                                                                                                                                                                                                                                                                                            • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00A99941
                                                                                                                                                                                                                                                                                                                                                                            • SetCapture.USER32(?), ref: 00A9994A
                                                                                                                                                                                                                                                                                                                                                                            • ClientToScreen.USER32(?,?), ref: 00A999AF
                                                                                                                                                                                                                                                                                                                                                                            • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00A999BC
                                                                                                                                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00A999D6
                                                                                                                                                                                                                                                                                                                                                                            • ReleaseCapture.USER32 ref: 00A999E1
                                                                                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00A99A19
                                                                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00A99A26
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 00A99A80
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 00A99AAE
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 00A99AEB
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 00A99B1A
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00A99B3B
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00A99B4A
                                                                                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00A99B68
                                                                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00A99B75
                                                                                                                                                                                                                                                                                                                                                                            • GetParent.USER32(?), ref: 00A99B93
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 00A99BFA
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 00A99C2B
                                                                                                                                                                                                                                                                                                                                                                            • ClientToScreen.USER32(?,?), ref: 00A99C84
                                                                                                                                                                                                                                                                                                                                                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00A99CB4
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 00A99CDE
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 00A99D01
                                                                                                                                                                                                                                                                                                                                                                            • ClientToScreen.USER32(?,?), ref: 00A99D4E
                                                                                                                                                                                                                                                                                                                                                                            • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00A99D82
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A19944: GetWindowLongW.USER32(?,000000EB), ref: 00A19952
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00A99E05
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                                                                                                                                                                                                                                                                            • String ID: @GUI_DRAGID$F
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00A948F3
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00A94908
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00A94927
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00A9494B
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00A9495C
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00A9497B
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00A949AE
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00A949D4
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00A94A0F
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00A94A56
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00A94A7E
                                                                                                                                                                                                                                                                                                                                                                            • IsMenu.USER32(?), ref: 00A94A97
                                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00A94AF2
                                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00A94B20
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00A94B94
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00A94BE3
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00A94C82
                                                                                                                                                                                                                                                                                                                                                                            • wsprintfW.USER32 ref: 00A94CAE
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00A94CC9
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 00A94CF1
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00A94D13
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00A94D33
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 00A94D5A
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                                                                                                                                                                                                                                                                                                                            • String ID: %d/%02d/%02d
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4054740463-328681919
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00A1F998
                                                                                                                                                                                                                                                                                                                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00A5F474
                                                                                                                                                                                                                                                                                                                                                                            • IsIconic.USER32(00000000), ref: 00A5F47D
                                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,00000009), ref: 00A5F48A
                                                                                                                                                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(00000000), ref: 00A5F494
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00A5F4AA
                                                                                                                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00A5F4B1
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00A5F4BD
                                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(?,00000000,00000001), ref: 00A5F4CE
                                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(?,00000000,00000001), ref: 00A5F4D6
                                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00A5F4DE
                                                                                                                                                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(00000000), ref: 00A5F4E1
                                                                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00A5F4F6
                                                                                                                                                                                                                                                                                                                                                                            • keybd_event.USER32(00000012,00000000), ref: 00A5F501
                                                                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00A5F50B
                                                                                                                                                                                                                                                                                                                                                                            • keybd_event.USER32(00000012,00000000), ref: 00A5F510
                                                                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00A5F519
                                                                                                                                                                                                                                                                                                                                                                            • keybd_event.USER32(00000012,00000000), ref: 00A5F51E
                                                                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00A5F528
                                                                                                                                                                                                                                                                                                                                                                            • keybd_event.USER32(00000012,00000000), ref: 00A5F52D
                                                                                                                                                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(00000000), ref: 00A5F530
                                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(?,000000FF,00000000), ref: 00A5F557
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                                                                                                                                                                                                                            • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4125248594-2988720461
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A616C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00A6170D
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A616C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00A6173A
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A616C3: GetLastError.KERNEL32 ref: 00A6174A
                                                                                                                                                                                                                                                                                                                                                                            • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00A61286
                                                                                                                                                                                                                                                                                                                                                                            • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00A612A8
                                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00A612B9
                                                                                                                                                                                                                                                                                                                                                                            • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00A612D1
                                                                                                                                                                                                                                                                                                                                                                            • GetProcessWindowStation.USER32 ref: 00A612EA
                                                                                                                                                                                                                                                                                                                                                                            • SetProcessWindowStation.USER32(00000000), ref: 00A612F4
                                                                                                                                                                                                                                                                                                                                                                            • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00A61310
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A610BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00A611FC), ref: 00A610D4
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A610BF: CloseHandle.KERNEL32(?,?,00A611FC), ref: 00A610E9
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                                                                                                                                                                                                                                                                            • String ID: $default$winsta0
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 22674027-1027155976
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A610F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00A61114
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A610F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00A60B9B,?,?,?), ref: 00A61120
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A610F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00A60B9B,?,?,?), ref: 00A6112F
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A610F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00A60B9B,?,?,?), ref: 00A61136
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A610F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00A6114D
                                                                                                                                                                                                                                                                                                                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00A60BCC
                                                                                                                                                                                                                                                                                                                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00A60C00
                                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 00A60C17
                                                                                                                                                                                                                                                                                                                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 00A60C51
                                                                                                                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00A60C6D
                                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 00A60C84
                                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00A60C8C
                                                                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00A60C93
                                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00A60CB4
                                                                                                                                                                                                                                                                                                                                                                            • CopySid.ADVAPI32(00000000), ref: 00A60CBB
                                                                                                                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00A60CEA
                                                                                                                                                                                                                                                                                                                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00A60D0C
                                                                                                                                                                                                                                                                                                                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00A60D1E
                                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A60D45
                                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00A60D4C
                                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A60D55
                                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00A60D5C
                                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A60D65
                                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00A60D6C
                                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00A60D78
                                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00A60D7F
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A61193: GetProcessHeap.KERNEL32(00000008,00A60BB1,?,00000000,?,00A60BB1,?), ref: 00A611A1
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A61193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00A60BB1,?), ref: 00A611A8
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A61193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00A60BB1,?), ref: 00A611B7
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • OpenClipboard.USER32(00A9CC08), ref: 00A7EB29
                                                                                                                                                                                                                                                                                                                                                                            • IsClipboardFormatAvailable.USER32(0000000D), ref: 00A7EB37
                                                                                                                                                                                                                                                                                                                                                                            • GetClipboardData.USER32(0000000D), ref: 00A7EB43
                                                                                                                                                                                                                                                                                                                                                                            • CloseClipboard.USER32 ref: 00A7EB4F
                                                                                                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00A7EB87
                                                                                                                                                                                                                                                                                                                                                                            • CloseClipboard.USER32 ref: 00A7EB91
                                                                                                                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00A7EBBC
                                                                                                                                                                                                                                                                                                                                                                            • IsClipboardFormatAvailable.USER32(00000001), ref: 00A7EBC9
                                                                                                                                                                                                                                                                                                                                                                            • GetClipboardData.USER32(00000001), ref: 00A7EBD1
                                                                                                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00A7EBE2
                                                                                                                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00A7EC22
                                                                                                                                                                                                                                                                                                                                                                            • IsClipboardFormatAvailable.USER32(0000000F), ref: 00A7EC38
                                                                                                                                                                                                                                                                                                                                                                            • GetClipboardData.USER32(0000000F), ref: 00A7EC44
                                                                                                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00A7EC55
                                                                                                                                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00A7EC77
                                                                                                                                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00A7EC94
                                                                                                                                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00A7ECD2
                                                                                                                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00A7ECF3
                                                                                                                                                                                                                                                                                                                                                                            • CountClipboardFormats.USER32 ref: 00A7ED14
                                                                                                                                                                                                                                                                                                                                                                            • CloseClipboard.USER32 ref: 00A7ED59
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 420908878-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00A769BE
                                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00A76A12
                                                                                                                                                                                                                                                                                                                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00A76A4E
                                                                                                                                                                                                                                                                                                                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00A76A75
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD
                                                                                                                                                                                                                                                                                                                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00A76AB2
                                                                                                                                                                                                                                                                                                                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00A76ADF
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3830820486-3289030164
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00A79663
                                                                                                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?), ref: 00A796A1
                                                                                                                                                                                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(?,?), ref: 00A796BB
                                                                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 00A796D3
                                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00A796DE
                                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 00A796FA
                                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00A7974A
                                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(00AC6B7C), ref: 00A79768
                                                                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00A79772
                                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00A7977F
                                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00A7978F
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 9c85cb2f6af36f5be921f5fba0d05e5380121cd7e9793d05a9bc83e5e9f73d85
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8782566e2d4e40dfffba7549a72c7fded9ed8d80de69308d6c5494541addf8e7
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9c85cb2f6af36f5be921f5fba0d05e5380121cd7e9793d05a9bc83e5e9f73d85
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7D319132641619BBDB14EFB4EC49EDF77ACAF09320F10C567E819E2190EB30DD458A24
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00A797BE
                                                                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 00A79819
                                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00A79824
                                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 00A79840
                                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00A79890
                                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(00AC6B7C), ref: 00A798AE
                                                                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00A798B8
                                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00A798C5
                                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00A798D5
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A6DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00A6DB00
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: de82891dde68eacba4051e9672878fa5605e46b5f0a0be35db3ca6eddff377a0
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 408d5e6d0a3d2db329299921105107be86ee06ea27ee109cd17b14c9b404e570
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: de82891dde68eacba4051e9672878fa5605e46b5f0a0be35db3ca6eddff377a0
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 75319232641A19BADB10EFB4EC48ADF77ACAF06320F14C5A7E818A2190DB30DD458B65
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A03AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A03A97,?,?,00A02E7F,?,?,?,00000000), ref: 00A03AC2
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A6E199: GetFileAttributesW.KERNEL32(?,00A6CF95), ref: 00A6E19A
                                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00A6D122
                                                                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00A6D1DD
                                                                                                                                                                                                                                                                                                                                                                            • MoveFileW.KERNEL32(?,?), ref: 00A6D1F0
                                                                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 00A6D20D
                                                                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00A6D237
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A6D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00A6D21C,?,?), ref: 00A6D2B2
                                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000,?,?,?), ref: 00A6D253
                                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00A6D264
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                                                                                                                                                                                            • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1946585618-1173974218
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 53c45586540e5dc3c8b9a729db3933a259dfb09b36ed2f62d75c3b1f4b7f9ad2
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: cf15d13d552c6397f36c12c50bc8046a2165bd37a110cd98e86bd1a54fcbfebf
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 53c45586540e5dc3c8b9a729db3933a259dfb09b36ed2f62d75c3b1f4b7f9ad2
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ED616E31E0110DAFCF05EBE0DA929EEB7B9AF55340F208165E40277192EB316F09DB61
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1737998785-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a040cf164879af114f4bd0ac4acaaa046e92f631c9d2fcbdae4e0c999429d129
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: d3c94999622950d7402e0ff0a0b42703276a031d8f010414938b9865a329a6e7
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a040cf164879af114f4bd0ac4acaaa046e92f631c9d2fcbdae4e0c999429d129
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3841A335604611AFD720DF55E848F5ABBE5FF48328F14C49AE4198F6A2CB35EC42CB90
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A616C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00A6170D
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A616C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00A6173A
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A616C3: GetLastError.KERNEL32 ref: 00A6174A
                                                                                                                                                                                                                                                                                                                                                                            • ExitWindowsEx.USER32(?,00000000), ref: 00A6E932
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                                                                                                                                                                                                                            • String ID: $ $@$SeShutdownPrivilege
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2234035333-3163812486
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4b9b211b5ab2929b5c1f032ae0103b807a6c36a445a9a7b6859badefda4782b1
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e81424ea23c5475c83394ae6ec424a7f55874f8d4ac7f179332625150f6712dd
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4b9b211b5ab2929b5c1f032ae0103b807a6c36a445a9a7b6859badefda4782b1
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3401D67B710211ABFB54E7B49C86FBBB37CAF14750F150822F912E21D1E9A15C4081A0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00A81276
                                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00A81283
                                                                                                                                                                                                                                                                                                                                                                            • bind.WSOCK32(00000000,?,00000010), ref: 00A812BA
                                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00A812C5
                                                                                                                                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000), ref: 00A812F4
                                                                                                                                                                                                                                                                                                                                                                            • listen.WSOCK32(00000000,00000005), ref: 00A81303
                                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00A8130D
                                                                                                                                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000), ref: 00A8133C
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 540024437-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 808bbcb5e3a172b1c11f6609cf6e70504726a9d6d636fe83f3c9a427e18501fa
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: bba3b30be8bb6ad7fee0353ffeaba8c2a91a2e72e9bfd151660af15577c2aa18
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 808bbcb5e3a172b1c11f6609cf6e70504726a9d6d636fe83f3c9a427e18501fa
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4141A4316002009FD710EF64D588B69BBE9FF46328F188199D8568F2D6D771ED82CBE1
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A3B9D4
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A3B9F8
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A3BB7F
                                                                                                                                                                                                                                                                                                                                                                            • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00AA3700), ref: 00A3BB91
                                                                                                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00AD121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00A3BC09
                                                                                                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00AD1270,000000FF,?,0000003F,00000000,?), ref: 00A3BC36
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A3BD4B
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 314583886-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A03AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A03A97,?,?,00A02E7F,?,?,?,00000000), ref: 00A03AC2
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A6E199: GetFileAttributesW.KERNEL32(?,00A6CF95), ref: 00A6E19A
                                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00A6D420
                                                                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 00A6D470
                                                                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00A6D481
                                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00A6D498
                                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00A6D4A1
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                                                                                                                                            • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                                                                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A764DC
                                                                                                                                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 00A76639
                                                                                                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(00A9FCF8,00000000,00000001,00A9FB68,?), ref: 00A76650
                                                                                                                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 00A768D4
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 886957087-24824748
APIs
• GetForegroundWindow.USER32(?,?,00000000), ref: 00A822E8
  • Part of subcall function 00A7E4EC: GetWindowRect.USER32(?,?), ref: 00A7E504
• GetDesktopWindow.USER32 ref: 00A82312
• GetWindowRect.USER32(00000000), ref: 00A82319
• mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00A82355
• GetCursorPos.USER32(?), ref: 00A82381
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00A823DF
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: Window$Rectmouse_event$CursorDesktopForeground
• String ID:
• API String ID: 2387181109-0
APIs
  • Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD
• FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00A79B78
• FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00A79C8B
  • Part of subcall function 00A73874: GetInputState.USER32 ref: 00A738CB
  • Part of subcall function 00A73874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A73966
• Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00A79BA8
• FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00A79C75
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
• String ID: *.*
• API String ID: 1972594611-438819550
APIs
  • Part of subcall function 00A19BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A19BB2
• DefDlgProcW.USER32(?,?,?,?,?), ref: 00A19A4E
• GetSysColor.USER32(0000000F), ref: 00A19B23
• SetBkColor.GDI32(?,00000000), ref: 00A19B36
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: Color$LongProcWindow
• String ID:
• API String ID: 3131106179-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A8304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00A8307A
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A8304E: _wcslen.LIBCMT ref: 00A8309B
                                                                                                                                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00A8185D
                                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00A81884
                                                                                                                                                                                                                                                                                                                                                                            • bind.WSOCK32(00000000,?,00000010), ref: 00A818DB
                                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00A818E6
                                                                                                                                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000), ref: 00A81915
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1601658205-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 292994002-0
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                                            • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-1546025612
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00A6AAAC
                                                                                                                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(00000080), ref: 00A6AAC8
                                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00A6AB36
                                                                                                                                                                                                                                                                                                                                                                            • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00A6AB88
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • InternetReadFile.WININET(?,?,00000400,?), ref: 00A7CE89
                                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000), ref: 00A7CEEA
                                                                                                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000000), ref: 00A7CEFE
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 234945975-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,?,?,00000000), ref: 00A682AA
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: lstrlen
                                                                                                                                                                                                                                                                                                                                                                            • String ID: ($|
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1659193697-1631851259
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00A75CC1
                                                                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 00A75D17
                                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(?), ref: 00A75D5F
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3541575487-0
APIs
• IsDebuggerPresent.KERNEL32 ref: 00A3271A
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00A32724
• UnhandledExceptionFilter.KERNEL32(?), ref: 00A32731
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: 7713b1f5f60894e0394c2c73d76a76ea6c011e84e9648a57828367c3ecbd8f6a
• Instruction ID: 81758ca0a71427e773f9808ce0d6a4fe4e61bc68011f750a0e1def995949f012
• Opcode Fuzzy Hash: 7713b1f5f60894e0394c2c73d76a76ea6c011e84e9648a57828367c3ecbd8f6a
• Instruction Fuzzy Hash: 3931B774911228ABCB21DF68DD89BDDB7B8BF08310F5041EAE81CA7261E7309F818F45
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00A751DA
• GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00A75238
• SetErrorMode.KERNEL32(00000000), ref: 00A752A1
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: ErrorMode$DiskFreeSpace
• String ID:
• API String ID: 1682464887-0
• Opcode ID: 8cc925b51fd3d574ce22d5148f126bc43c532a361eec6935cec576088942bd8e
• Instruction ID: 96ec4b32ac6f2f6e4b3d7101ff553530f550592a113f720787b3e165b273d8ec
• Opcode Fuzzy Hash: 8cc925b51fd3d574ce22d5148f126bc43c532a361eec6935cec576088942bd8e
• Instruction Fuzzy Hash: 7B313075A00518DFDB00DF94D884EEDBBB4FF49314F148099E909AB3A2DB71E856CB91
APIs
  • Part of subcall function 00A1FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00A20668
  • Part of subcall function 00A1FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00A20685
• LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00A6170D
• AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00A6173A
• GetLastError.KERNEL32 ref: 00A6174A
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
• String ID:
• API String ID: 577356006-0
• Opcode ID: c2f1aff3f46d3786829ccc777865dd2d88db0f7727217dffda2e7cdf761aeb67
• Instruction ID: cafab7c012290eb4c5e0f622d441ddaf9217efa06ab582967898ffce393c76eb
• Opcode Fuzzy Hash: c2f1aff3f46d3786829ccc777865dd2d88db0f7727217dffda2e7cdf761aeb67
• Instruction Fuzzy Hash: 9D1191B2504304AFD718DF54EC86DABBBB9EB44764B24852EE05657641EB70BC418B60
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00A6D608
                                                                                                                                                                                                                                                                                                                                                                            • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00A6D645
                                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00A6D650
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 33631002-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5ea5cd7c6dce21e6b2a79d177525ca7337dbde20eacd7a1a11e0ee985318b88e
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ac9f3fe9b2170a0bc570e220fc66162fdef2d61850da9a04a7a1b0f2e1604a62
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5ea5cd7c6dce21e6b2a79d177525ca7337dbde20eacd7a1a11e0ee985318b88e
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 92115E75E05228BFDB10CF99DC45FAFBBBCEB45B60F108116F904E7290D6704A058BA1
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00A6168C
                                                                                                                                                                                                                                                                                                                                                                            • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00A616A1
                                                                                                                                                                                                                                                                                                                                                                            • FreeSid.ADVAPI32(?), ref: 00A616B1
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3429775523-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3f6f2c7a4ad22cd8067cb67ceff4b42224f498dbd45613d54a3d5d41ea9c1bea
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: bef22bac277665b4ddaa0c2da8afc33ffd77a0cc0b805f2c048d5d5bd0361bb4
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3f6f2c7a4ad22cd8067cb67ceff4b42224f498dbd45613d54a3d5d41ea9c1bea
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 82F0F475A50309FBDF00DFE4DD89AAEBBBCEB08614F504565E501E2191E774AA448A50
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                                            • String ID: /
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-2043925204
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: faa9f00f5286fd2e4aeea13a418b4a7fb511aa897b3070159a76abff94784bdd
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: bd8598bb8935783dcd53fd4b1a5a583f1b3f52cb1af926b7b2d56d35a5722ba7
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: faa9f00f5286fd2e4aeea13a418b4a7fb511aa897b3070159a76abff94784bdd
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 76413B765002196FCB20EFB9DC49EBBB7B8EB84324F104269F915EB180E670AD41CB50
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ae1d8de887f9af6c63cc42d0b1aff3a5a8ea30e897983a1cfacfe6d47d98466f
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A4021E71E002299FDF14CFADD9806ADFBF1EF48324F254169D919E7344D731AA418B94
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00A76918
                                                                                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00A76961
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ad94bd443d98613fdbd439cc15a8a376ecb9a1feebfcd0dbe0a1df5f590e3edb
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7d8dd749b2cdee99030c06fa98fed89ee74d4d463beaf497ee4df6d4f3b5ac28
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ad94bd443d98613fdbd439cc15a8a376ecb9a1feebfcd0dbe0a1df5f590e3edb
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 501190716046019FC710DF69D884B16BBE5FF85328F14C6A9E5698F6A2CB30EC45CB91
APIs
• GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00A84891,?,?,00000035,?), ref: 00A737E4
• FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00A84891,?,?,00000035,?), ref: 00A737F4
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: ErrorFormatLastMessage
• String ID:
• API String ID: 3479602957-0
• Opcode ID: a229ebea0a2e28f66e1274f9c52aef577151e578953068837c79c5dfc3f0c763
• Instruction ID: c991a245bfd32c89a9b6ecf0b11cf528df9a5edbeedf6910bde9d09a0c3a6431
• Opcode Fuzzy Hash: a229ebea0a2e28f66e1274f9c52aef577151e578953068837c79c5dfc3f0c763
• Instruction Fuzzy Hash: 19F0E5B17042282AEB20A7A69D4DFEB7BAEEFC4771F004166F509D2281D9609945C6B0
APIs
• SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00A6B25D
• keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 00A6B270
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: InputSendkeybd_event
• String ID:
• API String ID: 3536248340-0
• Opcode ID: 4f62fcc3e55e0973ec466033a65d74dc1ffa8723120befb3c5fa830a138cbb78
• Instruction ID: 22a3c702433179d98331e9469d7fedb767e5eb2e33b6bfba126c508635076559
• Opcode Fuzzy Hash: 4f62fcc3e55e0973ec466033a65d74dc1ffa8723120befb3c5fa830a138cbb78
• Instruction Fuzzy Hash: F3F06D7090428DABDB05CFA0C805BEE7BB0FF04315F00800AF951A5192C77982019FA4
APIs
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00A611FC), ref: 00A610D4
• CloseHandle.KERNEL32(?,?,00A611FC), ref: 00A610E9
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: AdjustCloseHandlePrivilegesToken
• String ID:
• API String ID: 81990902-0
• Opcode ID: 408b7c3a84400b7e84b4fe4c844fca258e1f8b3df70ae59531f6636e991793ec
• Instruction ID: 2503733a2e14bf1a104174b96e85aeaf9168eee7867e27c2abc26fd1fc2867b7
• Opcode Fuzzy Hash: 408b7c3a84400b7e84b4fe4c844fca258e1f8b3df70ae59531f6636e991793ec
• Instruction Fuzzy Hash: 0FE04F32008640AEEB252B51FD05EB77BA9EB04320F14882EF5A5804B1DF626CE0DB10
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            • Variable is not of type 'Object'., xrefs: 00A50C40
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                                            • String ID: Variable is not of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-1840281001
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00A36766,?,?,00000008,?,?,00A3FEFE,00000000), ref: 00A36998
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-3916222277
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • BlockInput.USER32(00000001), ref: 00A7EABD
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: BlockInput
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3456056419-0
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00A203EE), ref: 00A209DA
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 52144c55a5c3735529d48f3c121678d91d88ecf96de2cfe8a8ff28c48ca960ac
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C661457120873996DF389B2CBAA6BBE23A5DF41750F20093AF843DB281DA15DF428355
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 39a3a0efe44d6d0ef0058cb215590d0cf3b383e254752051cd67706d68f81a83
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a8902d56ba2f3431143b4edeb6dd37adbcc52c4febd15d30e67f48633c04372a
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 39a3a0efe44d6d0ef0058cb215590d0cf3b383e254752051cd67706d68f81a83
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5A617A7560873957DE388B2C7951BBF2394EF42700F100979F843DB681DA16EF428B66
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e3a08d14102ee5b3585d34d173e957329c33639147aa5ffaf699d363cdb04fbc
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F48174726090B349DB6D473E957443EFFE15AA23A131A07BDD4F2CB1C1EE24CA54E660
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2a67bcc82d19ef5a1b258104fd8971417df9c54bda69be35bcc7ab96f72d81f4
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: df0c11b0af2253074080a84eb35774a917fc20208708876ddf2140d9bd33b1c0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2a67bcc82d19ef5a1b258104fd8971417df9c54bda69be35bcc7ab96f72d81f4
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B22193326216118BDB28CF79C82277A73E5A764310F19CA2EE4A7C37D0DE35A905CB90
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00A82B30
                                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00A82B43
                                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32 ref: 00A82B52
                                                                                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00A82B6D
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 00A82B74
                                                                                                                                                                                                                                                                                                                                                                            • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00A82CA3
                                                                                                                                                                                                                                                                                                                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00A82CB1
                                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A82CF8
                                                                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(00000000,?), ref: 00A82D04
                                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00A82D40
                                                                                                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A82D62
                                                                                                                                                                                                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A82D75
                                                                                                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A82D80
                                                                                                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00A82D89
                                                                                                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A82D98
                                                                                                                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00A82DA1
                                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A82DA8
                                                                                                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00A82DB3
                                                                                                                                                                                                                                                                                                                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A82DC5
                                                                                                                                                                                                                                                                                                                                                                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,00A9FC38,00000000), ref: 00A82DDB
                                                                                                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00A82DEB
                                                                                                                                                                                                                                                                                                                                                                            • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00A82E11
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00A82E30
                                                                                                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A82E52
                                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A8303F
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                                                                                                                                                                            • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: cc5dbec8f350ca4eb34878ee44529f1d8f58a04ca86a090964757f59875af7e2
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5fcbaf6f130b5423063d975f4884514cba3f98dfac21368e2df761ca957571b3
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cc5dbec8f350ca4eb34878ee44529f1d8f58a04ca86a090964757f59875af7e2
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6B028075600208AFDB14DFA4DD89EAE7BB9FF48724F108159F915AB2A1DB70ED01CB60
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,00000000), ref: 00A9712F
                                                                                                                                                                                                                                                                                                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00A97160
                                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(0000000F), ref: 00A9716C
                                                                                                                                                                                                                                                                                                                                                                            • SetBkColor.GDI32(?,000000FF), ref: 00A97186
                                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 00A97195
                                                                                                                                                                                                                                                                                                                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 00A971C0
                                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000010), ref: 00A971C8
                                                                                                                                                                                                                                                                                                                                                                            • CreateSolidBrush.GDI32(00000000), ref: 00A971CF
                                                                                                                                                                                                                                                                                                                                                                            • FrameRect.USER32(?,?,00000000), ref: 00A971DE
                                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00A971E5
                                                                                                                                                                                                                                                                                                                                                                            • InflateRect.USER32(?,000000FE,000000FE), ref: 00A97230
                                                                                                                                                                                                                                                                                                                                                                            • FillRect.USER32(?,?,?), ref: 00A97262
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00A97284
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A973E8: GetSysColor.USER32(00000012), ref: 00A97421
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A973E8: SetTextColor.GDI32(?,?), ref: 00A97425
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A973E8: GetSysColorBrush.USER32(0000000F), ref: 00A9743B
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A973E8: GetSysColor.USER32(0000000F), ref: 00A97446
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A973E8: GetSysColor.USER32(00000011), ref: 00A97463
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A973E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00A97471
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A973E8: SelectObject.GDI32(?,00000000), ref: 00A97482
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A973E8: SetBkColor.GDI32(?,00000000), ref: 00A9748B
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A973E8: SelectObject.GDI32(?,?), ref: 00A97498
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A973E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00A974B7
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A973E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00A974CE
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A973E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00A974DB
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4124339563-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f1127390aea8b3928a538001b160c3830835e6dd68c9131f04bae49db945b9ec
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3f7f9339e4ef0f72ea0a67091e4994bf1b300b26e58dc3609c5159341ff447f3
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f1127390aea8b3928a538001b160c3830835e6dd68c9131f04bae49db945b9ec
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F1A17E72218701AFDB01DFA4DC48A6F7BE9FB49330F100B1AF962961E1DB71E9458B61
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?,?), ref: 00A18E14
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001308,?,00000000), ref: 00A56AC5
                                                                                                                                                                                                                                                                                                                                                                            • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00A56AFE
                                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00A56F43
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A18F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00A18BE8,?,00000000,?,?,?,?,00A18BBA,00000000,?), ref: 00A18FC5
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001053), ref: 00A56F7F
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00A56F96
                                                                                                                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00A56FAC
                                                                                                                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00A56FB7
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2760611726-4108050209
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2c79c71cbd7805ceceb42c04419673251181fae06c8f3c2f89c13b6bdaeb1617
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: fc790788acd74d2b997266692333efe736b260d53be0b484b331011eae99bec2
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2c79c71cbd7805ceceb42c04419673251181fae06c8f3c2f89c13b6bdaeb1617
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2912BE30601601EFDB25CF24C954BAAB7F1FB45312F94446AF885CB2A2CB35EC9ACB51
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(00000000), ref: 00A8273E
                                                                                                                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00A8286A
                                                                                                                                                                                                                                                                                                                                                                            • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00A828A9
                                                                                                                                                                                                                                                                                                                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00A828B9
                                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00A82900
                                                                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(00000000,?), ref: 00A8290C
                                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00A82955
                                                                                                                                                                                                                                                                                                                                                                            • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00A82964
                                                                                                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 00A82974
                                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00A82978
                                                                                                                                                                                                                                                                                                                                                                            • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00A82988
                                                                                                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00A82991
                                                                                                                                                                                                                                                                                                                                                                            • DeleteDC.GDI32(00000000), ref: 00A8299A
                                                                                                                                                                                                                                                                                                                                                                            • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00A829C6
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000030,00000000,00000001), ref: 00A829DD
                                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00A82A1D
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00A82A31
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000404,00000001,00000000), ref: 00A82A42
                                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00A82A77
                                                                                                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 00A82A82
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00A82A8D
                                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00A82A97
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                                                                                                                                            • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2910397461-517079104
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 93a7229a2e27c095e7cd8b8c09781008f352a8b2599986d85837fef097d82c8b
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 32f13957a632c7586e92548d0f8182c8c3cfd5bbeed83986cef9c83de6f2f6f6
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 93a7229a2e27c095e7cd8b8c09781008f352a8b2599986d85837fef097d82c8b
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7FB16D71A00619BFEB14DFA8DD49FAE7BA9EB08710F004115FA15EB2D0DB70AD41CBA4
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 00A74AED
                                                                                                                                                                                                                                                                                                                                                                            • GetDriveTypeW.KERNEL32(?,00A9CB68,?,\\.\,00A9CC08), ref: 00A74BCA
                                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,00A9CB68,?,\\.\,00A9CC08), ref: 00A74D36
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                                                                                                                                            • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2907320926-4222207086
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000012), ref: 00A97421
                                                                                                                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,?), ref: 00A97425
                                                                                                                                                                                                                                                                                                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00A9743B
                                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(0000000F), ref: 00A97446
                                                                                                                                                                                                                                                                                                                                                                            • CreateSolidBrush.GDI32(?), ref: 00A9744B
                                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000011), ref: 00A97463
                                                                                                                                                                                                                                                                                                                                                                            • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00A97471
                                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 00A97482
                                                                                                                                                                                                                                                                                                                                                                            • SetBkColor.GDI32(?,00000000), ref: 00A9748B
                                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 00A97498
                                                                                                                                                                                                                                                                                                                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 00A974B7
                                                                                                                                                                                                                                                                                                                                                                            • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00A974CE
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 00A974DB
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00A9752A
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00A97554
                                                                                                                                                                                                                                                                                                                                                                            • InflateRect.USER32(?,000000FD,000000FD), ref: 00A97572
                                                                                                                                                                                                                                                                                                                                                                            • DrawFocusRect.USER32(?,?), ref: 00A9757D
                                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000011), ref: 00A9758E
                                                                                                                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,00000000), ref: 00A97596
                                                                                                                                                                                                                                                                                                                                                                            • DrawTextW.USER32(?,00A970F5,000000FF,?,00000000), ref: 00A975A8
                                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 00A975BF
                                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 00A975CA
                                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 00A975D0
                                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 00A975D5
                                                                                                                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,?), ref: 00A975DB
                                                                                                                                                                                                                                                                                                                                                                            • SetBkColor.GDI32(?,?), ref: 00A975E5
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1996641542-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00A91128
                                                                                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00A9113D
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 00A91144
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00A91199
                                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 00A911B9
                                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00A911ED
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00A9120B
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00A9121D
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000421,?,?), ref: 00A91232
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00A91245
                                                                                                                                                                                                                                                                                                                                                                            • IsWindowVisible.USER32(00000000), ref: 00A912A1
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00A912BC
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00A912D0
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00A912E8
                                                                                                                                                                                                                                                                                                                                                                            • MonitorFromPoint.USER32(?,?,00000002), ref: 00A9130E
                                                                                                                                                                                                                                                                                                                                                                            • GetMonitorInfoW.USER32(00000000,?), ref: 00A91328
                                                                                                                                                                                                                                                                                                                                                                            • CopyRect.USER32(?,?), ref: 00A9133F
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000412,00000000), ref: 00A913AA
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                                                                                                                                                                                            • String ID: ($0$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 698492251-4156429822
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 0950119a250d4d1198f87dfcddfcfb42bf703d167cfcc5964123995ba6a1d8f0
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3ec1c52be4f062f1a1a76b95e4f386659a67a63c15eb61983e9c1d324747ea47
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0950119a250d4d1198f87dfcddfcfb42bf703d167cfcc5964123995ba6a1d8f0
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4CB16B71604341AFDB00DF64D984B6BBBE4FF88354F00891DF99A9B2A1CB31E845CBA1
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?), ref: 00A902E5
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A9031F
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A90389
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A903F1
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A90475
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00A904C5
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00A90504
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A1F9F2: _wcslen.LIBCMT ref: 00A1F9FD
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A6223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00A62258
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A6223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00A6228A
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                            • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1103490817-719923060
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a137fb47b92875a20b38a38d9d95ba719e96ed3f19f8204076880c40446ac872
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: bf3880c15d65e97cadaceffdd9621b15a239b27df79d519ffd6e48438a4e97df
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a137fb47b92875a20b38a38d9d95ba719e96ed3f19f8204076880c40446ac872
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B9E1AD313082019FCB14DF24CA51D6EB7E6BFC8794B15896CF8969B2A1DB30ED45CB51
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00A18968
                                                                                                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000007), ref: 00A18970
                                                                                                                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00A1899B
                                                                                                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000008), ref: 00A189A3
                                                                                                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000004), ref: 00A189C8
                                                                                                                                                                                                                                                                                                                                                                            • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00A189E5
                                                                                                                                                                                                                                                                                                                                                                            • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00A189F5
                                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00A18A28
                                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00A18A3C
                                                                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(00000000,000000FF), ref: 00A18A5A
                                                                                                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 00A18A76
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 00A18A81
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A1912D: GetCursorPos.USER32(?), ref: 00A19141
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A1912D: ScreenToClient.USER32(00000000,?), ref: 00A1915E
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A1912D: GetAsyncKeyState.USER32(00000001), ref: 00A19183
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A1912D: GetAsyncKeyState.USER32(00000002), ref: 00A1919D
                                                                                                                                                                                                                                                                                                                                                                            • SetTimer.USER32(00000000,00000000,00000028,00A190FC), ref: 00A18AA8
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                                                                                                                                            • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1458621304-248962490
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c656caf091696f5d87c415d29564e1e612f0c6a410fe58cdf414f32dcc1d6a97
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 14241c0700f324783717bc43bacba3358e1944b3ced2026a4b50ea4f7ae18c76
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c656caf091696f5d87c415d29564e1e612f0c6a410fe58cdf414f32dcc1d6a97
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 60B17F71A40209AFDF14DFA8DD55BEE3BB5FB48315F11421AFA16A7290DB34E841CB50
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A610F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00A61114
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A610F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00A60B9B,?,?,?), ref: 00A61120
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A610F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00A60B9B,?,?,?), ref: 00A6112F
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A610F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00A60B9B,?,?,?), ref: 00A61136
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A610F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00A6114D
                                                                                                                                                                                                                                                                                                                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00A60DF5
                                                                                                                                                                                                                                                                                                                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00A60E29
                                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 00A60E40
                                                                                                                                                                                                                                                                                                                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 00A60E7A
                                                                                                                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00A60E96
                                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 00A60EAD
                                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00A60EB5
                                                                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00A60EBC
                                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00A60EDD
                                                                                                                                                                                                                                                                                                                                                                            • CopySid.ADVAPI32(00000000), ref: 00A60EE4
                                                                                                                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00A60F13
                                                                                                                                                                                                                                                                                                                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00A60F35
                                                                                                                                                                                                                                                                                                                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00A60F47
                                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A60F6E
                                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00A60F75
                                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A60F7E
                                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00A60F85
                                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A60F8E
                                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00A60F95
                                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00A60FA1
                                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00A60FA8
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A61193: GetProcessHeap.KERNEL32(00000008,00A60BB1,?,00000000,?,00A60BB1,?), ref: 00A611A1
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A61193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00A60BB1,?), ref: 00A611A8
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A61193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00A60BB1,?), ref: 00A611B7
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b6d637ee7c28f7cf2c801c81a0aca944e319e56542a9be87c6827d48ce69233f
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6f4b3f874f666e640ae1eb9ca54952497292983d18c029a1e9bc186b401210e0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b6d637ee7c28f7cf2c801c81a0aca944e319e56542a9be87c6827d48ce69233f
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 87716B72A0021AABDF21DFA4DD44FAFBBB8FF05311F144215FA19E6191DB319945CB60
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A8C4BD
                                                                                                                                                                                                                                                                                                                                                                            • RegCreateKeyExW.ADVAPI32(?,?,00000000,00A9CC08,00000000,?,00000000,?,?), ref: 00A8C544
                                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00A8C5A4
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A8C5F4
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A8C66F
                                                                                                                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00A8C6B2
                                                                                                                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00A8C7C1
                                                                                                                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00A8C84D
                                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00A8C881
                                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00A8C88E
                                                                                                                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00A8C960
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                                                                                                                                                                                                            • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 9721498-966354055
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d5a0371b781ab2a79ad33daf3a565d0f805d674290d5b257b199eb6bae0a3462
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 41156fcd1c0639a7d5594eebe839888cfa596c031367d82f338b76d1d798b20a
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d5a0371b781ab2a79ad33daf3a565d0f805d674290d5b257b199eb6bae0a3462
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 841258356042019FDB14EF14D991A2AB7E5EF88724F04889DF89A9B3A2DB31FD41CF91
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?), ref: 00A909C6
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A90A01
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00A90A54
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A90A8A
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A90B06
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A90B81
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A1F9F2: _wcslen.LIBCMT ref: 00A1F9FD
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A62BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00A62BFA
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                            • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1103490817-4258414348
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 495c734ac68a67ccb732c9940e650a3dca067721cab286c8969361329734b6a3
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a3e3c5f6c445bc474ac77678cbd46397184c5ed9e8e7725c3757bb51b55aebfb
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 495c734ac68a67ccb732c9940e650a3dca067721cab286c8969361329734b6a3
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5EE189362087019FCB14EF28C550D6EB7E1BF98394B15895CF8969B3A2DB30ED85CB81
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                            • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1256254125-909552448
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c5a1aebcd1fa55c18546e0cb63693d86c83a855054dbf8dbd96f5fcab39ebe75
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 08b00c51d10d24fa96da096fbd39108c10e79e8722bbe412eeb690e236a19bc4
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c5a1aebcd1fa55c18546e0cb63693d86c83a855054dbf8dbd96f5fcab39ebe75
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7B71093260056A8BCB10FF7CDD41ABF73A2AB607B4B110529F8669B284E631CD45CBB0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A9835A
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A9836E
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A98391
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A983B4
                                                                                                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00A983F2
                                                                                                                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00A95BF2), ref: 00A9844E
                                                                                                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00A98487
                                                                                                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00A984CA
                                                                                                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00A98501
                                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?), ref: 00A9850D
                                                                                                                                                                                                                                                                                                                                                                            • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00A9851D
                                                                                                                                                                                                                                                                                                                                                                            • DestroyIcon.USER32(?,?,?,?,?,00A95BF2), ref: 00A9852C
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00A98549
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00A98555
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                                                                                                                                                                            • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 799131459-1154884017
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 30159a86830badc8db5311817f1c1524bfb2d8eb06617a4bec3b82cad6dac102
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: f11b7503d270f6273388500681dff064d031e796407b5ada5c90b0034aa75695
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 30159a86830badc8db5311817f1c1524bfb2d8eb06617a4bec3b82cad6dac102
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1F61DF71640619BBEF14DF64DC81BBE77A8BF09B21F10461AF815D60D1DF78A980CBA0
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                                            • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-1645009161
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 453d55a76721c96b9f3319eeb25f8f0d725ab86c211054ed7fb1c9b26f07d62b
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 62cfdfa419cf513a3e83cec80ab21a4ec8e4418b9ace0cdeee3524dbdb54f84a
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 453d55a76721c96b9f3319eeb25f8f0d725ab86c211054ed7fb1c9b26f07d62b
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3081D171F04609BFDB20AF64ED42FAE37A8AF95340F044425F905AA1D2EB74EA51C7A1
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • LoadIconW.USER32(00000063), ref: 00A65A2E
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00A65A40
                                                                                                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 00A65A57
                                                                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003EA), ref: 00A65A6C
                                                                                                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 00A65A72
                                                                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00A65A82
                                                                                                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 00A65A88
                                                                                                                                                                                                                                                                                                                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00A65AA9
                                                                                                                                                                                                                                                                                                                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00A65AC3
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00A65ACC
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A65B33
                                                                                                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 00A65B6F
                                                                                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00A65B75
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 00A65B7C
                                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00A65BD3
                                                                                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 00A65BE0
                                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000005,00000000,?), ref: 00A65C05
                                                                                                                                                                                                                                                                                                                                                                            • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00A65C2F
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 895679908-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 82023945c0ae4914d8d108f72dc0a6b7733dacf0a84234d6a5f7772c3d2f7748
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 126737e26e0ee25a87fbae65e8606e568a7b8d32559452c43db8f17bb7508738
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 82023945c0ae4914d8d108f72dc0a6b7733dacf0a84234d6a5f7772c3d2f7748
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 10716E31A00B09AFDB20DFB8CE85A6EBBF5FF48714F104519E542A25A0DB75E945CB50
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00A200C6
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A200ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00AD070C,00000FA0,D54E0293,?,?,?,?,00A423B3,000000FF), ref: 00A2011C
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A200ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00A423B3,000000FF), ref: 00A20127
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A200ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00A423B3,000000FF), ref: 00A20138
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A200ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00A2014E
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A200ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00A2015C
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A200ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00A2016A
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A200ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00A20195
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A200ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00A201A0
                                                                                                                                                                                                                                                                                                                                                                            • ___scrt_fastfail.LIBCMT ref: 00A200E7
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A200A3: __onexit.LIBCMT ref: 00A200A9
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00A20122
                                                                                                                                                                                                                                                                                                                                                                            • InitializeConditionVariable, xrefs: 00A20148
                                                                                                                                                                                                                                                                                                                                                                            • kernel32.dll, xrefs: 00A20133
                                                                                                                                                                                                                                                                                                                                                                            • SleepConditionVariableCS, xrefs: 00A20154
                                                                                                                                                                                                                                                                                                                                                                            • WakeAllConditionVariable, xrefs: 00A20162
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                                                                                                                            • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 176396367-1603158881
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • CharLowerBuffW.USER32(00000000,00000000,00A9CC08), ref: 00A74527
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A7453B
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A74599
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A745F4
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A7463F
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A746A7
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A1F9F2: _wcslen.LIBCMT ref: 00A1F9FD
                                                                                                                                                                                                                                                                                                                                                                            • GetDriveTypeW.KERNEL32(?,00AC6BF0,00000061), ref: 00A74743
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                                                                                            • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2055661098-1000479233
APIs
• GetMenuItemCount.USER32(00AD1990), ref: 00A42F8D
• GetMenuItemCount.USER32(00AD1990), ref: 00A4303D
• GetCursorPos.USER32(?), ref: 00A43081
• SetForegroundWindow.USER32(00000000), ref: 00A4308A
• TrackPopupMenuEx.USER32(00AD1990,00000000,?,00000000,00000000,00000000), ref: 00A4309D
• PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00A430A9
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
• String ID: 0
• API String ID: 36266755-4108050209
APIs
• DestroyWindow.USER32(00000000,?), ref: 00A96DEB
  • Part of subcall function 00A06B57: _wcslen.LIBCMT ref: 00A06B6A
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00A96E5F
• SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00A96E81
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00A96E94
• DestroyWindow.USER32(?), ref: 00A96EB5
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00A00000,00000000), ref: 00A96EE4
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00A96EFD
• GetDesktopWindow.USER32 ref: 00A96F16
• GetWindowRect.USER32(00000000), ref: 00A96F1D
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00A96F35
• SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00A96F4D
  • Part of subcall function 00A19944: GetWindowLongW.USER32(?,000000EB), ref: 00A19952
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
• String ID: 0$tooltips_class32
• API String ID: 2429346358-3619404913
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A19BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A19BB2
                                                                                                                                                                                                                                                                                                                                                                            • DragQueryPoint.SHELL32(?,?), ref: 00A99147
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A97674: ClientToScreen.USER32(?,?), ref: 00A9769A
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A97674: GetWindowRect.USER32(?,?), ref: 00A97710
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A97674: PtInRect.USER32(?,?,00A98B89), ref: 00A97720
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 00A991B0
                                                                                                                                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00A991BB
                                                                                                                                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00A991DE
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00A99225
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 00A9923E
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 00A99255
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 00A99277
                                                                                                                                                                                                                                                                                                                                                                            • DragFinish.SHELL32(?), ref: 00A9927E
                                                                                                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00A99371
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                                                                                                                                                                                            • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 221274066-3440237614
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1d863bb03d76f1811a4a10e9ba69f8b739f2faf70a1783aa8ec867cea29bbc05
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b7871a032a43a9a6b6968603f4d6094c2b930c4e65cfa36d91ce228d6774549e
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1d863bb03d76f1811a4a10e9ba69f8b739f2faf70a1783aa8ec867cea29bbc05
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 12618A71208305AFD701DFA4DD85DAFBBE8FF89750F00091EF596961A1DB309A49CB62
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00A7C4B0
                                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00A7C4C3
                                                                                                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00A7C4D7
                                                                                                                                                                                                                                                                                                                                                                            • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00A7C4F0
                                                                                                                                                                                                                                                                                                                                                                            • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00A7C533
                                                                                                                                                                                                                                                                                                                                                                            • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00A7C549
                                                                                                                                                                                                                                                                                                                                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00A7C554
                                                                                                                                                                                                                                                                                                                                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00A7C584
                                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00A7C5DC
                                                                                                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00A7C5F0
                                                                                                                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00A7C5FB
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 0964fcd4c30bbe7588568707c60ef0f2394b300e1a8c18ca06f4884e5fe938bc
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7c3cb4c23895b77348e46a12daf9f7dea79ed77f717e69f1bb325edab3feb819
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0964fcd4c30bbe7588568707c60ef0f2394b300e1a8c18ca06f4884e5fe938bc
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E5512BB1640604BFDB21DFA4CD88AAB7BBCFB08764F00C51EF94A96250DB35E9459B60
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00A98592
                                                                                                                                                                                                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00A985A2
                                                                                                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00A985AD
                                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00A985BA
                                                                                                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00A985C8
                                                                                                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00A985D7
                                                                                                                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00A985E0
                                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00A985E7
                                                                                                                                                                                                                                                                                                                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00A985F8
                                                                                                                                                                                                                                                                                                                                                                            • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,00A9FC38,?), ref: 00A98611
                                                                                                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00A98621
                                                                                                                                                                                                                                                                                                                                                                            • GetObjectW.GDI32(?,00000018,?), ref: 00A98641
                                                                                                                                                                                                                                                                                                                                                                            • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00A98671
                                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 00A98699
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00A986AF
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
• String ID:
• API String ID: 3840717409-0
APIs
• VariantInit.OLEAUT32(00000000), ref: 00A71502
• VariantCopy.OLEAUT32(?,?), ref: 00A7150B
• VariantClear.OLEAUT32(?), ref: 00A71517
• VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00A715FB
• VarR8FromDec.OLEAUT32(?,?), ref: 00A71657
• VariantInit.OLEAUT32(?), ref: 00A71708
• SysFreeString.OLEAUT32(?), ref: 00A7178C
• VariantClear.OLEAUT32(?), ref: 00A717D8
• VariantClear.OLEAUT32(?), ref: 00A717E7
• VariantInit.OLEAUT32(00000000), ref: 00A71823
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
Similarity
• API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
• String ID: %4d%02d%02d%02d%02d%02d$Default
• API String ID: 1234038744-3931177956
APIs
  • Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD
  • Part of subcall function 00A8C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A8B6AE,?,?), ref: 00A8C9B5
  • Part of subcall function 00A8C998: _wcslen.LIBCMT ref: 00A8C9F1
  • Part of subcall function 00A8C998: _wcslen.LIBCMT ref: 00A8CA68
  • Part of subcall function 00A8C998: _wcslen.LIBCMT ref: 00A8CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A8B6F4
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00A8B772
• RegDeleteValueW.ADVAPI32(?,?), ref: 00A8B80A
• RegCloseKey.ADVAPI32(?), ref: 00A8B87E
• RegCloseKey.ADVAPI32(?), ref: 00A8B89C
• LoadLibraryA.KERNEL32(advapi32.dll), ref: 00A8B8F2
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00A8B904
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00A8B922
• FreeLibrary.KERNEL32(00000000), ref: 00A8B983
• RegCloseKey.ADVAPI32(00000000), ref: 00A8B994
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
Similarity
• API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 146587525-4033151799
APIs
• GetDC.USER32(00000000), ref: 00A825D8
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00A825E8
• CreateCompatibleDC.GDI32(?), ref: 00A825F4
• SelectObject.GDI32(00000000,?), ref: 00A82601
• StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00A8266D
• GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00A826AC
• GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00A826D0
• SelectObject.GDI32(?,?), ref: 00A826D8
• DeleteObject.GDI32(?), ref: 00A826E1
                                                                                                                                                                                                                                                                                                                                                                            • DeleteDC.GDI32(?), ref: 00A826E8
                                                                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,?), ref: 00A826F3
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                                                                                                                            • String ID: (
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 87295e9b02ffd34b2a85bd0aa4063682f9857a3b80268741e0243e4b17d0aa9e
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 1e1306cfc9693be822b026aa17600b9b0bd9b3bd5a82e55462cf30454a1187db
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 87295e9b02ffd34b2a85bd0aa4063682f9857a3b80268741e0243e4b17d0aa9e
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AD61F375E00219EFCF14DFE8D984AAEBBB5FF48310F20852AE955A7250E770A941CF64
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • ___free_lconv_mon.LIBCMT ref: 00A3DAA1
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A3D63C: _free.LIBCMT ref: 00A3D659
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A3D63C: _free.LIBCMT ref: 00A3D66B
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A3D63C: _free.LIBCMT ref: 00A3D67D
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A3D63C: _free.LIBCMT ref: 00A3D68F
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A3D63C: _free.LIBCMT ref: 00A3D6A1
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A3D63C: _free.LIBCMT ref: 00A3D6B3
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A3D63C: _free.LIBCMT ref: 00A3D6C5
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A3D63C: _free.LIBCMT ref: 00A3D6D7
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A3D63C: _free.LIBCMT ref: 00A3D6E9
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A3D63C: _free.LIBCMT ref: 00A3D6FB
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A3D63C: _free.LIBCMT ref: 00A3D70D
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A3D63C: _free.LIBCMT ref: 00A3D71F
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A3D63C: _free.LIBCMT ref: 00A3D731
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A3DA96
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A329C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00A3D7D1,00000000,00000000,00000000,00000000,?,00A3D7F8,00000000,00000007,00000000,?,00A3DBF5,00000000), ref: 00A329DE
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A329C8: GetLastError.KERNEL32(00000000,?,00A3D7D1,00000000,00000000,00000000,00000000,?,00A3D7F8,00000000,00000007,00000000,?,00A3DBF5,00000000,00000000), ref: 00A329F0
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A3DAB8
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A3DACD
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A3DAD8
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A3DAFA
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A3DB0D
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A3DB1B
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A3DB26
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A3DB5E
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A3DB65
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A3DB82
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A3DB9A
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 161543041-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b93d9865debfbc1a363ab733d278cc2a6938834d255316bd56fe93c788bb87db
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5a6f6b3f117df63b7113a7ead8bf854b9a67a749510ccf9038109eb62c73cb87
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b93d9865debfbc1a363ab733d278cc2a6938834d255316bd56fe93c788bb87db
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DF312732A04705DFEB22AF39FA45B5AB7E9FF40360F154469F459DB191DB31AC808B20
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 00A6369C
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A636A7
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00A63797
                                                                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 00A6380C
                                                                                                                                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32(?), ref: 00A6385D
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00A63882
                                                                                                                                                                                                                                                                                                                                                                            • GetParent.USER32(?), ref: 00A638A0
                                                                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(00000000), ref: 00A638A7
                                                                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 00A63921
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 00A6395D
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID: %s%u
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4010501982-679674701
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 00A64994
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 00A649DA
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A649EB
                                                                                                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,00000000), ref: 00A649F7
                                                                                                                                                                                                                                                                                                                                                                            • _wcsstr.LIBVCRUNTIME ref: 00A64A2C
                                                                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 00A64A64
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 00A64A9D
                                                                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 00A64AE6
                                                                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 00A64B20
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00A64B8B
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                                            • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A19BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A19BB2
                                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00A98D5A
                                                                                                                                                                                                                                                                                                                                                                            • GetFocus.USER32 ref: 00A98D6A
                                                                                                                                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32(00000000), ref: 00A98D75
                                                                                                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00A98E1D
                                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00A98ECF
                                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(?), ref: 00A98EEC
                                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,00000000), ref: 00A98EFC
                                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00A98F2E
                                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00A98F70
                                                                                                                                                                                                                                                                                                                                                                            • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00A98FA1
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1026556194-4108050209
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00A6DC20
                                                                                                                                                                                                                                                                                                                                                                            • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00A6DC46
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A6DC50
                                                                                                                                                                                                                                                                                                                                                                            • _wcsstr.LIBVCRUNTIME ref: 00A6DCA0
                                                                                                                                                                                                                                                                                                                                                                            • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00A6DCBC
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                                            • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1939486746-1459072770
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00A8CC64
                                                                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00A8CC8D
                                                                                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00A8CD48
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A8CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00A8CCAA
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A8CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00A8CCBD
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A8CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00A8CCCF
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A8CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00A8CD05
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A8CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00A8CD28
                                                                                                                                                                                                                                                                                                                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 00A8CCF3
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                                                                                                                                                                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2734957052-4033151799
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00A73D40
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A73D6D
                                                                                                                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 00A73D9D
                                                                                                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00A73DBE
                                                                                                                                                                                                                                                                                                                                                                            • RemoveDirectoryW.KERNEL32(?), ref: 00A73DCE
                                                                                                                                                                                                                                                                                                                                                                            • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00A73E55
                                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00A73E60
                                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00A73E6B
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • timeGetTime.WINMM ref: 00A6E6B4
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A1E551: timeGetTime.WINMM(?,?,00A6E6D4), ref: 00A1E555
                                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(0000000A), ref: 00A6E6E1
                                                                                                                                                                                                                                                                                                                                                                            • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00A6E705
                                                                                                                                                                                                                                                                                                                                                                            • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00A6E727
                                                                                                                                                                                                                                                                                                                                                                            • SetActiveWindow.USER32 ref: 00A6E746
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00A6E754
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 00A6E773
                                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000000FA), ref: 00A6E77E
                                                                                                                                                                                                                                                                                                                                                                            • IsWindow.USER32 ref: 00A6E78A
                                                                                                                                                                                                                                                                                                                                                                            • EndDialog.USER32(00000000), ref: 00A6E79B
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                                                                                                                                            • String ID: BUTTON
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD
                                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00A6EA5D
                                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00A6EA73
                                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00A6EA84
                                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00A6EA96
                                                                                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00A6EAA7
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: SendString$_wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000001), ref: 00A65CE2
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00A65CFB
                                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00A65D59
                                                                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000002), ref: 00A65D69
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00A65D7B
                                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00A65DCF
                                                                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00A65DDD
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00A65DEF
                                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00A65E31
                                                                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003EA), ref: 00A65E44
                                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00A65E5A
                                                                                                                                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 00A65E67
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3096461208-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A18F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00A18BE8,?,00000000,?,?,?,?,00A18BBA,00000000,?), ref: 00A18FC5
                                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 00A18C81
                                                                                                                                                                                                                                                                                                                                                                            • KillTimer.USER32(00000000,?,?,?,?,00A18BBA,00000000,?), ref: 00A18D1B
                                                                                                                                                                                                                                                                                                                                                                            • DestroyAcceleratorTable.USER32(00000000), ref: 00A56973
                                                                                                                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00A18BBA,00000000,?), ref: 00A569A1
                                                                                                                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00A18BBA,00000000,?), ref: 00A569B8
                                                                                                                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00A18BBA,00000000), ref: 00A569D4
                                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00A569E6
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 641708696-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A19944: GetWindowLongW.USER32(?,000000EB), ref: 00A19952
                                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(0000000F), ref: 00A19862
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ColorLongWindow
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 259745315-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00A4F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00A69717
                                                                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000,?,00A4F7F8,00000001), ref: 00A69720
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD
                                                                                                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00A4F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00A69742
                                                                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000,?,00A4F7F8,00000001), ref: 00A69745
                                                                                                                                                                                                                                                                                                                                                                            • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00A69866
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A06B57: _wcslen.LIBCMT ref: 00A06B6A
                                                                                                                                                                                                                                                                                                                                                                            • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00A607A2
                                                                                                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00A607BE
                                                                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00A607DA
                                                                                                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00A60804
                                                                                                                                                                                                                                                                                                                                                                            • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00A6082C
                                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00A60837
                                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00A6083C
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 323675364-22481851
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00A83C5C
                                                                                                                                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 00A83C8A
                                                                                                                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 00A83C94
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A83D2D
                                                                                                                                                                                                                                                                                                                                                                            • GetRunningObjectTable.OLE32(00000000,?), ref: 00A83DB1
                                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001,00000029), ref: 00A83ED5
                                                                                                                                                                                                                                                                                                                                                                            • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00A83F0E
                                                                                                                                                                                                                                                                                                                                                                            • CoGetObject.OLE32(?,00000000,00A9FB98,?), ref: 00A83F2D
                                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000), ref: 00A83F40
                                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00A83FC4
                                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00A83FD8
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 429561992-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 00A77AF3
                                                                                                                                                                                                                                                                                                                                                                            • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00A77B8F
                                                                                                                                                                                                                                                                                                                                                                            • SHGetDesktopFolder.SHELL32(?), ref: 00A77BA3
                                                                                                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(00A9FD08,00000000,00000001,00AC6E6C,?), ref: 00A77BEF
                                                                                                                                                                                                                                                                                                                                                                            • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00A77C74
                                                                                                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(?,?), ref: 00A77CCC
                                                                                                                                                                                                                                                                                                                                                                            • SHBrowseForFolderW.SHELL32(?), ref: 00A77D57
                                                                                                                                                                                                                                                                                                                                                                            • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00A77D7A
                                                                                                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00A77D81
                                                                                                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00A77DD6
                                                                                                                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 00A77DDC
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 09310fa239562d6c304fc024988d12c4d018238f03be3b14e947b6299790317d
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 894ec5bd963e2006e661599cfd2ef875c3c6aaba0f20ef16d8d267d55d5470b3
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 09310fa239562d6c304fc024988d12c4d018238f03be3b14e947b6299790317d
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F6C10C75A04109AFDB14DFA4C984DAEBBF5FF48314B14C499E81ADB262DB30ED45CB90
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00A95504
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00A95515
                                                                                                                                                                                                                                                                                                                                                                            • CharNextW.USER32(00000158), ref: 00A95544
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00A95585
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00A9559B
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00A955AC
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$CharNext
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1350042424-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 16a2833d7da388fa96afa19aceef522cb7bad57706c92816d4270e23f9771490
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 13024a49b1d710a05ca93e6470a98a841fdbd9ef793dd114968be1fbc144b51f
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 16a2833d7da388fa96afa19aceef522cb7bad57706c92816d4270e23f9771490
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0C618E35F00608AFDF12DFA4CC869FE7BF9EB45720F108145FA25AA291D7749A81DB60
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00A5FAAF
                                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAllocData.OLEAUT32(?), ref: 00A5FB08
                                                                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00A5FB1A
                                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(?,?), ref: 00A5FB3A
                                                                                                                                                                                                                                                                                                                                                                            • VariantCopy.OLEAUT32(?,?), ref: 00A5FB8D
                                                                                                                                                                                                                                                                                                                                                                            • SafeArrayUnaccessData.OLEAUT32(?), ref: 00A5FBA1
                                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00A5FBB6
                                                                                                                                                                                                                                                                                                                                                                            • SafeArrayDestroyData.OLEAUT32(?), ref: 00A5FBC3
                                                                                                                                                                                                                                                                                                                                                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00A5FBCC
                                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00A5FBDE
                                                                                                                                                                                                                                                                                                                                                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00A5FBE9
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2706829360-0
APIs
• GetKeyboardState.USER32(?), ref: 00A69CA1
• GetAsyncKeyState.USER32(000000A0), ref: 00A69D22
• GetKeyState.USER32(000000A0), ref: 00A69D3D
• GetAsyncKeyState.USER32(000000A1), ref: 00A69D57
• GetKeyState.USER32(000000A1), ref: 00A69D6C
• GetAsyncKeyState.USER32(00000011), ref: 00A69D84
• GetKeyState.USER32(00000011), ref: 00A69D96
• GetAsyncKeyState.USER32(00000012), ref: 00A69DAE
• GetKeyState.USER32(00000012), ref: 00A69DC0
• GetAsyncKeyState.USER32(0000005B), ref: 00A69DD8
• GetKeyState.USER32(0000005B), ref: 00A69DEA
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 00A805BC
• inet_addr.WSOCK32(?), ref: 00A8061C
• gethostbyname.WSOCK32(?), ref: 00A80628
• IcmpCreateFile.IPHLPAPI ref: 00A80636
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00A806C6
• IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00A806E5
• IcmpCloseHandle.IPHLPAPI(?), ref: 00A807B9
• WSACleanup.WSOCK32 ref: 00A807BF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
Similarity
• API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
• String ID: Ping
• API String ID: 1028309954-2246546115
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                                                                                                                                            • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • CoInitialize.OLE32 ref: 00A83774
                                                                                                                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 00A8377F
                                                                                                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(?,00000000,00000017,00A9FB78,?), ref: 00A837D9
                                                                                                                                                                                                                                                                                                                                                                            • IIDFromString.OLE32(?,?), ref: 00A8384C
                                                                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00A838E4
                                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00A83936
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                                                                                                                            • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetLocalTime.KERNEL32(?), ref: 00A78257
                                                                                                                                                                                                                                                                                                                                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00A78267
                                                                                                                                                                                                                                                                                                                                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00A78273
                                                                                                                                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00A78310
                                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00A78324
                                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00A78356
                                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00A7838C
                                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00A78395
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                                                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1464919966-438819550
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00A733CF
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD
                                                                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00A733F0
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-3080491070
• Opcode ID: d3a555d84bdfda191e0f22ca62a5bb0525467f47ddda9f3756b81be761e47707
• Instruction ID: 5731148694e8311748f712b4fcca57f84ee17e47eb6bde5e0a4cfdefcfd9d6c6
• Opcode Fuzzy Hash: d3a555d84bdfda191e0f22ca62a5bb0525467f47ddda9f3756b81be761e47707
• Instruction Fuzzy Hash: 77518C72900209BADF18EBE0DE46EEEB778AF04340F108465F509760A2EB312F58DB61
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: APPEND$EXISTS$KEYS$REMOVE
• API String ID: 1256254125-769500911
• Opcode ID: cdef311ad10b5a6c310a5bc23fa9c239705c074d4ea1192f9ed0ec42aad4462f
• Instruction ID: a71f2486e9e38d11412c806ba035eb6320c4098aff64fb071baad5e7121924a7
• Opcode Fuzzy Hash: cdef311ad10b5a6c310a5bc23fa9c239705c074d4ea1192f9ed0ec42aad4462f
• Instruction Fuzzy Hash: BD41C636A211269BCB209F7DCD905BE77B5AFA0B54B254529E421DB284F731CDC1C7B0
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00A753A0
• GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00A75416
• GetLastError.KERNEL32 ref: 00A75420
• SetErrorMode.KERNEL32(00000000,READY), ref: 00A754A7
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: Error$Mode$DiskFreeLastSpace
• String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
• API String ID: 4194297153-14809454
• Opcode ID: 8900d626af7eb4251f435f6c750ff67749e40fe954d1214448b51bde478315c9
• Instruction ID: 30eb69f793a96c811293dd9b85b2dd492b0ffca5a6d45a01ede4981d58ea851e
• Opcode Fuzzy Hash: 8900d626af7eb4251f435f6c750ff67749e40fe954d1214448b51bde478315c9
• Instruction Fuzzy Hash: 40319F35E005049FDB10DF68C984BAABBB5EF05315F14C06AE40ACB292DBB1ED86CB91
APIs
• CreateMenu.USER32 ref: 00A93C79
• SetMenu.USER32(?,00000000), ref: 00A93C88
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A93D10
• IsMenu.USER32(?), ref: 00A93D24
• CreatePopupMenu.USER32 ref: 00A93D2E
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00A93D5B
• DrawMenuBar.USER32 ref: 00A93D63
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: Menu$CreateItem$DrawInfoInsertPopup
• String ID: 0$F
• API String ID: 161812096-3044882817
• Opcode ID: dbc055591fef9f119be17fdda8e753b9cbfae927905568833c362fb66211ef6d
• Instruction ID: 8e6ef96ca79e3842608761a78aba21ca8a193d88ba3ead7a37fbd9a54b7c8c19
• Opcode Fuzzy Hash: dbc055591fef9f119be17fdda8e753b9cbfae927905568833c362fb66211ef6d
• Instruction Fuzzy Hash: 784157BAB01609AFDF14CFA4D894AAA7BF5FF49350F140429F946A7360D730AA11CF94
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00A93A9D
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00A93AA0
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00A93AC7
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00A93AEA
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00A93B62
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00A93BAC
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00A93BC7
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00A93BE2
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00A93BF6
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00A93C13
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 312131281-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2c3c78b7730eab7670622f73fcec4648d7e5a302a7da77240c95bc67b2ed3c6d
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ec772df00d336966dfdffb8a9349d81477c677343382ad101442030fc49babe4
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2c3c78b7730eab7670622f73fcec4648d7e5a302a7da77240c95bc67b2ed3c6d
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 12615B75A00248AFDF10DFA8CD81EEE77F8EB09710F10419AFA15A7292D774AE46DB50
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00A6B151
                                                                                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00A6A1E1,?,00000001), ref: 00A6B165
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(00000000), ref: 00A6B16C
                                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00A6A1E1,?,00000001), ref: 00A6B17B
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 00A6B18D
                                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00A6A1E1,?,00000001), ref: 00A6B1A6
                                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00A6A1E1,?,00000001), ref: 00A6B1B8
                                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00A6A1E1,?,00000001), ref: 00A6B1FD
                                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00A6A1E1,?,00000001), ref: 00A6B212
                                                                                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00A6A1E1,?,00000001), ref: 00A6B21D
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2156557900-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 584c7c38d9045d09eb397d571fb2a6b650f94d257638a6be37016840eb11a6f8
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: d7c230950e2df76e89bcfe3f8f7ce4f546d3ec479de56a481b75a7c79687226d
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 584c7c38d9045d09eb397d571fb2a6b650f94d257638a6be37016840eb11a6f8
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D3319172610604BFDF10DFA4DC58BAE7BB9BB51321F108116FA06D61A0DBB49A828F71
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A32C94
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A329C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00A3D7D1,00000000,00000000,00000000,00000000,?,00A3D7F8,00000000,00000007,00000000,?,00A3DBF5,00000000), ref: 00A329DE
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A329C8: GetLastError.KERNEL32(00000000,?,00A3D7D1,00000000,00000000,00000000,00000000,?,00A3D7F8,00000000,00000007,00000000,?,00A3DBF5,00000000,00000000), ref: 00A329F0
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A32CA0
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A32CAB
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A32CB6
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A32CC1
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A32CCC
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A32CD7
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A32CE2
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A32CED
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A32CFB
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00A77FAD
                                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00A77FC1
                                                                                                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?), ref: 00A77FEB
                                                                                                                                                                                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 00A78005
                                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00A78017
                                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00A78060
                                                                                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00A780B0
                                                                                                                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: CurrentDirectory$AttributesFile
                                                                                                                                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 769691225-438819550
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EB), ref: 00A05C7A
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A05D0A: GetClientRect.USER32(?,?), ref: 00A05D30
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A05D0A: GetWindowRect.USER32(?,?), ref: 00A05D71
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A05D0A: ScreenToClient.USER32(?,?), ref: 00A05D99
                                                                                                                                                                                                                                                                                                                                                                            • GetDC.USER32 ref: 00A446F5
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00A44708
                                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00A44716
                                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00A4472B
                                                                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?,00000000), ref: 00A44733
                                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00A447C4
                                                                                                                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                                                                                                                                                                                                                            • String ID: U
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4009187628-3372436214
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00A735E4
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD
                                                                                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00AD2390,?,00000FFF,?), ref: 00A7360A
                                                                                                                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: LoadString$_wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4099089115-2391861430
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 98779ed92ec2622d1902668ae16f9c9b81535d234d403c46ab90dc3df2959df0
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 00b9c13f7fb023a03847540edde7c6266948f02ceecb947ddcaff204aee5b1e7
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 98779ed92ec2622d1902668ae16f9c9b81535d234d403c46ab90dc3df2959df0
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1A516F72D00209BADF14EBE0DE42EEEBB78AF14340F148125F105761A2DB311B99DF61
APIs
  • Part of subcall function 00A19BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A19BB2
  • Part of subcall function 00A1912D: GetCursorPos.USER32(?), ref: 00A19141
  • Part of subcall function 00A1912D: ScreenToClient.USER32(00000000,?), ref: 00A1915E
  • Part of subcall function 00A1912D: GetAsyncKeyState.USER32(00000001), ref: 00A19183
  • Part of subcall function 00A1912D: GetAsyncKeyState.USER32(00000002), ref: 00A1919D
• ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00A98B6B
• ImageList_EndDrag.COMCTL32 ref: 00A98B71
• ReleaseCapture.USER32 ref: 00A98B77
• SetWindowTextW.USER32(?,00000000), ref: 00A98C12
• SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00A98C25
• DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00A98CFF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
• String ID: @GUI_DRAGFILE$@GUI_DROPID
• API String ID: 1924731296-2107944366
• Opcode ID: 7e97b34d89f10e441d6b7f4fdf528094ef1aa92b1bc9b10fd1d5f8001ec7c969
• Instruction ID: 6b52cb09cc722e41a4de43cabfd8c0c1703a6bc75bd4f7e0d38e495d3017869c
• Opcode Fuzzy Hash: 7e97b34d89f10e441d6b7f4fdf528094ef1aa92b1bc9b10fd1d5f8001ec7c969
• Instruction Fuzzy Hash: 5E519B71205304AFDB00DF64DDA6FAA77E4FB89710F40062EF952A72E2CB749945CB62
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00A7C272
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00A7C29A
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00A7C2CA
• GetLastError.KERNEL32 ref: 00A7C322
• SetEvent.KERNEL32(?), ref: 00A7C336
• InternetCloseHandle.WININET(00000000), ref: 00A7C341
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
• String ID:
• API String ID: 3113390036-3916222277
• Opcode ID: 4efc83bc1c382d9558279fff40394961be4762cb7ddba3cae2d9c587f92dcf2d
• Instruction ID: 85c445c5130e58e5eed64a80c1e922d3d60c776f7bc82826926fbb07859fb2e6
• Opcode Fuzzy Hash: 4efc83bc1c382d9558279fff40394961be4762cb7ddba3cae2d9c587f92dcf2d
• Instruction Fuzzy Hash: E2317CB1600708AFD721DFA48D88AABBBFCEB49764F10C51EF44A97201DB34DD059B60
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00A43AAF,?,?,Bad directive syntax error,00A9CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00A698BC
• LoadStringW.USER32(00000000,?,00A43AAF,?), ref: 00A698C3
  • Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00A69987
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: HandleLoadMessageModuleString_wcslen
• String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
• API String ID: 858772685-4153970271
APIs
• GetParent.USER32 ref: 00A620AB
• GetClassNameW.USER32(00000000,?,00000100), ref: 00A620C0
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00A6214D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: ClassMessageNameParentSend
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
• API String ID: 1290815626-3381328864
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
APIs
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: _free$EnvironmentVariable___from_strstr_to_strchr
• String ID:
• API String ID: 1282221369-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00A56890
                                                                                                                                                                                                                                                                                                                                                                            • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00A568A9
                                                                                                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00A568B9
                                                                                                                                                                                                                                                                                                                                                                            • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00A568D1
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00A568F2
                                                                                                                                                                                                                                                                                                                                                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00A18874,00000000,00000000,00000000,000000FF,00000000), ref: 00A56901
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00A5691E
                                                                                                                                                                                                                                                                                                                                                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00A18874,00000000,00000000,00000000,000000FF,00000000), ref: 00A5692D
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1268354404-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00A7C182
                                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00A7C195
                                                                                                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?), ref: 00A7C1A9
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A7C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00A7C272
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A7C253: GetLastError.KERNEL32 ref: 00A7C322
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A7C253: SetEvent.KERNEL32(?), ref: 00A7C336
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A7C253: InternetCloseHandle.WININET(00000000), ref: 00A7C341
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 337547030-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A63A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A63A57
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A63A3D: GetCurrentThreadId.KERNEL32 ref: 00A63A5E
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A63A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00A625B3), ref: 00A63A65
                                                                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 00A625BD
                                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00A625DB
                                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00A625DF
                                                                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 00A625E9
                                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00A62601
                                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00A62605
                                                                                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 00A6260F
                                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00A62623
                                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00A62627
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2014098862-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 88b4c7b79d334dad63573e2a9b1019cd57655eb5faa928f16e3b065dcdd19be6
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 22c968a20c34abd9f8b7063c80094a6d13e8831179a5e4205f09c022ab16f744
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 88b4c7b79d334dad63573e2a9b1019cd57655eb5faa928f16e3b065dcdd19be6
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4801D831390A20BBFB10A7A9DC8AF593F69DF5EB61F100012F314AE0D1CDE21445DA69
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00A61449,?,?,00000000), ref: 00A6180C
                                                                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,00A61449,?,?,00000000), ref: 00A61813
                                                                                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00A61449,?,?,00000000), ref: 00A61828
                                                                                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000,?,00A61449,?,?,00000000), ref: 00A61830
                                                                                                                                                                                                                                                                                                                                                                            • DuplicateHandle.KERNEL32(00000000,?,00A61449,?,?,00000000), ref: 00A61833
                                                                                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00A61449,?,?,00000000), ref: 00A61843
                                                                                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00A61449,00000000,?,00A61449,?,?,00000000), ref: 00A6184B
                                                                                                                                                                                                                                                                                                                                                                            • DuplicateHandle.KERNEL32(00000000,?,00A61449,?,?,00000000), ref: 00A6184E
                                                                                                                                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,00A61874,00000000,00000000,00000000), ref: 00A61868
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1957940570-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c0b5cd1073dcb150cdf839df938633ee648268659bd6208016f96b559d461ad8
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0f9539326aa416451551572a91ad027f5d12c64b39597cb6b12ff317fa1de331
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c0b5cd1073dcb150cdf839df938633ee648268659bd6208016f96b559d461ad8
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4601A8B5340708BFEA10EBA5DD4AF6B7BACEB89B11F504512FA05DB1A1CA7098018B34
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A6D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00A6D501
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A6D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00A6D50F
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A6D4DC: CloseHandle.KERNEL32(00000000), ref: 00A6D5DC
                                                                                                                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00A8A16D
                                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00A8A180
                                                                                                                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00A8A1B3
                                                                                                                                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,00000000), ref: 00A8A268
                                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000), ref: 00A8A273
                                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00A8A2C4
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                                                                                                            • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 66449d2677d604610e5645cffd1df7eb49455bc33414598a6a24eb695c4af02c
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3fda9390ebbb5054ee12bd9a3c6751b9113b9df887736ef60681faac84fca099
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 66449d2677d604610e5645cffd1df7eb49455bc33414598a6a24eb695c4af02c
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DF61C3702046429FE720EF18C494F56BBE1AF54318F18858DE4664F7A3DB76EC45CB92
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00A93925
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00A9393A
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00A93954
• _wcslen.LIBCMT ref: 00A93999
• SendMessageW.USER32(?,00001057,00000000,?), ref: 00A939C6
• SendMessageW.USER32(?,00001061,?,0000000F), ref: 00A939F4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: MessageSend$Window_wcslen
• String ID: SysListView32
• API String ID: 2147712094-78025650
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A6BCFD
• IsMenu.USER32(00000000), ref: 00A6BD1D
• CreatePopupMenu.USER32 ref: 00A6BD53
• GetMenuItemCount.USER32(014358B0), ref: 00A6BDA4
• InsertMenuItemW.USER32(014358B0,?,00000001,00000030), ref: 00A6BDCC
Strings
Similarity
• API ID: Menu$Item$CountCreateInfoInsertPopup
• String ID: 0$2
• API String ID: 93392585-3793063076
APIs
• LoadIconW.USER32(00000000,00007F03), ref: 00A6C913
Strings
Similarity
• API ID: IconLoad
• String ID: blank$info$question$stop$warning
• API String ID: 2457776203-404129466
APIs
Similarity
• API ID: _wcslen$LocalTime
• String ID:
• API String ID: 952045576-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00A5682C,00000004,00000000,00000000), ref: 00A1F953
                                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00A5682C,00000004,00000000,00000000), ref: 00A5F3D1
                                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00A5682C,00000004,00000000,00000000), ref: 00A5F454
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ShowWindow
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1268545403-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 7cfbf87594aebe2d03dba47be73a99596757e19ab945d96f9b7c193a41e2639f
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e6e4e121fb8258a03ac338f77976bb4e8cb36372f7fdb498ef0bd268193d6d05
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7cfbf87594aebe2d03dba47be73a99596757e19ab945d96f9b7c193a41e2639f
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 78414B312086C0BFD738EB79CD887AA7BA1BB46331F58443DE49756560D631A8C6CB10
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00A92D1B
                                                                                                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 00A92D23
                                                                                                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00A92D2E
                                                                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 00A92D3A
                                                                                                                                                                                                                                                                                                                                                                            • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00A92D76
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00A92D87
                                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00A95A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00A92DC2
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00A92DE1
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: ac64b8987e6ad8d1c20f0cae51fec2cd3eccdf4599526111dded7472a65804a9
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: edd99ada9995e53179ef94e937606816a25cf7a950baea29c25415e54404ae02
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ac64b8987e6ad8d1c20f0cae51fec2cd3eccdf4599526111dded7472a65804a9
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BB317C72201614BFEF118F90CC8AFEB3BA9EF09725F044056FE089A291CA759C51CBB4
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: db6051be97278971d2af9887a241519484ed1748319bf4d6ff3f14053a3d9226
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 4ade12e7f47ab12d75ef01133c44fd905f6deaa22368273b871fadf82fbda4c2
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: db6051be97278971d2af9887a241519484ed1748319bf4d6ff3f14053a3d9226
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2A219275F40A197BD6149635EF82FBA33BDAE20394F484430FD04AE681F720ED20C5A5
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                                            • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-572801152
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a8bc19277208689c086391872ee4d3122427c7d96e3c3d05670a274685934e5e
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: a98c2c0ef161a9bd65158b6fecdd284f28ef5b5cb17912b940d9f50cda3abbae
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a8bc19277208689c086391872ee4d3122427c7d96e3c3d05670a274685934e5e
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E2D1BD75E0060AAFDF10EFA8C894BAEB7B5FF48354F148569E915AB280E770DD41CB90
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00A417FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00A415CE
                                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00A417FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00A41651
                                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00A417FB,?,00A417FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00A416E4
                                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00A417FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00A416FB
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A33820: RtlAllocateHeap.NTDLL(00000000,?,00AD1444,?,00A1FDF5,?,?,00A0A976,00000010,00AD1440,00A013FC,?,00A013C6,?,00A01129), ref: 00A33852
                                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00A417FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00A41777
                                                                                                                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 00A417A2
                                                                                                                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 00A417AE
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 324af7965aadba3d07f58f04248c28a3435649c7fc511b4c66c326f3640a2242
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 56f286b85454d15c56efd9267201aca7d60efa01ddd36b00d69c89fd09a36f3d
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 324af7965aadba3d07f58f04248c28a3435649c7fc511b4c66c326f3640a2242
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F391B27AE002169EDF208FA4C981AEEBBB5AFC9350F184659F805E7141EB35DD81CB61
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                                                                                                                            • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: da2dfb6071a46d12bd18bd1eb4cf8ebc3f47e93a8f6a55c8adcbe3c5e63660bb
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: bbe24ec0a9bb558ff49101f9469e3b6c2cf229161988cbead4b3a9efb0af268d
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: da2dfb6071a46d12bd18bd1eb4cf8ebc3f47e93a8f6a55c8adcbe3c5e63660bb
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3B917271A0021AAFDF24DFA5C844FAEBBB8EF4A714F108569F515AB280D7749941CFA0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00A7125C
                                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00A71284
                                                                                                                                                                                                                                                                                                                                                                            • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00A712A8
                                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00A712D8
                                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00A7135F
                                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00A713C4
                                                                                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00A71430
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2550207440-0
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00A8396B
                                                                                                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?), ref: 00A83A7A
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A83A8A
                                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00A83C1F
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A70CDF: VariantInit.OLEAUT32(00000000), ref: 00A70D1F
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A70CDF: VariantCopy.OLEAUT32(?,?), ref: 00A70D28
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A70CDF: VariantClear.OLEAUT32(?), ref: 00A70D34
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A6000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A5FF41,80070057,?,?,?,00A6035E), ref: 00A6002B
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A6000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A5FF41,80070057,?,?), ref: 00A60046
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A6000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A5FF41,80070057,?,?), ref: 00A60054
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A6000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A5FF41,80070057,?), ref: 00A60064
                                                                                                                                                                                                                                                                                                                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00A84C51
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A84D59
                                                                                                                                                                                                                                                                                                                                                                            • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00A84DCF
                                                                                                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(?), ref: 00A84DDA
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                                                                                                                                                                                            • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 614568839-2785691316
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetMenu.USER32(?), ref: 00A92183
                                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(00000000), ref: 00A921B5
                                                                                                                                                                                                                                                                                                                                                                            • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00A921DD
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A92213
                                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,?), ref: 00A9224D
                                                                                                                                                                                                                                                                                                                                                                            • GetSubMenu.USER32(?,?), ref: 00A9225B
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A63A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A63A57
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A63A3D: GetCurrentThreadId.KERNEL32 ref: 00A63A5E
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A63A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00A625B3), ref: 00A63A65
                                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00A922E3
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A6E97B: Sleep.KERNEL32 ref: 00A6E9F3
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4196846111-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetParent.USER32(?), ref: 00A6AEF9
                                                                                                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?), ref: 00A6AF0E
                                                                                                                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(?), ref: 00A6AF6F
                                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,00000010,?), ref: 00A6AF9D
                                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,00000011,?), ref: 00A6AFBC
                                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,00000012,?), ref: 00A6AFFD
                                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00A6B020
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetParent.USER32(00000000), ref: 00A6AD19
                                                                                                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?), ref: 00A6AD2E
                                                                                                                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(?), ref: 00A6AD8F
                                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00A6ADBB
                                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00A6ADD8
                                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00A6AE17
                                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00A6AE38
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetConsoleCP.KERNEL32(00A43CD6,?,?,?,?,?,?,?,?,00A35BA3,?,?,00A43CD6,?,?), ref: 00A35470
                                                                                                                                                                                                                                                                                                                                                                            • __fassign.LIBCMT ref: 00A354EB
                                                                                                                                                                                                                                                                                                                                                                            • __fassign.LIBCMT ref: 00A35506
                                                                                                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00A43CD6,00000005,00000000,00000000), ref: 00A3552C
                                                                                                                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,00A43CD6,00000000,00A35BA3,00000000,?,?,?,?,?,?,?,?,?,00A35BA3,?), ref: 00A3554B
                                                                                                                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000001,00A35BA3,00000000,?,?,?,?,?,?,?,?,?,00A35BA3,?), ref: 00A35584
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00A22D4B
                                                                                                                                                                                                                                                                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 00A22D53
                                                                                                                                                                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00A22DE1
                                                                                                                                                                                                                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 00A22E0C
                                                                                                                                                                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00A22E61
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A8304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00A8307A
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A8304E: _wcslen.LIBCMT ref: 00A8309B
                                                                                                                                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00A81112
                                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00A81121
                                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00A811C9
                                                                                                                                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000), ref: 00A811F9
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2675159561-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 16f08654171c90c2fd2adfe024563eb684677807c8e37185be3bd04fa890d91a
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: fd42c740b001dad7fa498e57a22e2a22a187b1be48b8e1acb4322ab9140ea617
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 16f08654171c90c2fd2adfe024563eb684677807c8e37185be3bd04fa890d91a
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BE41F431600604AFDB10EF54D888BA9B7E9FF45764F148259F9059B291DB70AD82CBE1
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A6DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00A6CF22,?), ref: 00A6DDFD
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A6DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00A6CF22,?), ref: 00A6DE16
                                                                                                                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(?,?), ref: 00A6CF45
                                                                                                                                                                                                                                                                                                                                                                            • MoveFileW.KERNEL32(?,?), ref: 00A6CF7F
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A6D005
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A6D01B
                                                                                                                                                                                                                                                                                                                                                                            • SHFileOperationW.SHELL32(?), ref: 00A6D061
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                                                                            • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 692c56f8eab060b1f12e1d969fe8516766c858289d58de7f98056c64d121e2b5
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8a7b5fef1d3e89a7b80b69048d6b051f375ea8e0b943336b3bd432efdca7a891
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 692c56f8eab060b1f12e1d969fe8516766c858289d58de7f98056c64d121e2b5
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 59416971D452189FDF12EFA4DA81AEEB7B8AF08780F0000E6E545EB142EF34A785CB50
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00A92E1C
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00A92E4F
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00A92E84
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00A92EB6
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00A92EE0
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00A92EF1
                                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00A92F0B
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: LongWindow$MessageSend
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2178440468-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 4316235a1fe43541631db931063aeaf8b3c8d67b6e31d2d853d8d12cdf781501
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: d2b8a6463b02a633c54837e8c4b61c04ac5c1e38076472ce5de4b938fcd15124
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4316235a1fe43541631db931063aeaf8b3c8d67b6e31d2d853d8d12cdf781501
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B4310E35745240AFEF21CF98DCD4FA53BE0FB8A720F1501A6FA018B2B2CB61A8419B50
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A67769
                                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A6778F
                                                                                                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 00A67792
                                                                                                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 00A677B0
                                                                                                                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 00A677B9
                                                                                                                                                                                                                                                                                                                                                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 00A677DE
                                                                                                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 00A677EC
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A67842
                                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A67868
                                                                                                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 00A6786B
                                                                                                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32 ref: 00A6788C
                                                                                                                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32 ref: 00A67895
                                                                                                                                                                                                                                                                                                                                                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 00A678AF
                                                                                                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 00A678BD
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(0000000C), ref: 00A704F2
                                                                                                                                                                                                                                                                                                                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00A7052E
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                                            • String ID: nul
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F6), ref: 00A705C6
                                                                                                                                                                                                                                                                                                                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00A70601
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                                            • String ID: nul
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1424370930-2873401336
APIs
  • Part of subcall function 00A0600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A0604C
  • Part of subcall function 00A0600E: GetStockObject.GDI32(00000011), ref: 00A06060
  • Part of subcall function 00A0600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00A0606A
• SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00A94112
• SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00A9411F
• SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00A9412A
• SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00A94139
• SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00A94145
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: MessageSend$CreateObjectStockWindow
• String ID: Msctls_Progress32
• API String ID: 1025951953-3636473452
APIs
  • Part of subcall function 00A3D7A3: _free.LIBCMT ref: 00A3D7CC
• _free.LIBCMT ref: 00A3D82D
  • Part of subcall function 00A329C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00A3D7D1,00000000,00000000,00000000,00000000,?,00A3D7F8,00000000,00000007,00000000,?,00A3DBF5,00000000), ref: 00A329DE
  • Part of subcall function 00A329C8: GetLastError.KERNEL32(00000000,?,00A3D7D1,00000000,00000000,00000000,00000000,?,00A3D7F8,00000000,00000007,00000000,?,00A3DBF5,00000000,00000000), ref: 00A329F0
• _free.LIBCMT ref: 00A3D838
• _free.LIBCMT ref: 00A3D843
• _free.LIBCMT ref: 00A3D897
• _free.LIBCMT ref: 00A3D8A2
• _free.LIBCMT ref: 00A3D8AD
• _free.LIBCMT ref: 00A3D8B8
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00A6DA74
• LoadStringW.USER32(00000000), ref: 00A6DA7B
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00A6DA91
• LoadStringW.USER32(00000000), ref: 00A6DA98
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 00A6DADC
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 00A6DAB9
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: HandleLoadModuleString$Message
• String ID: %s (%d) : ==> %s: %s %s
• API String ID: 4072794657-3128320259
APIs
• InterlockedExchange.KERNEL32(01429AC8,01429AC8), ref: 00A7097B
• EnterCriticalSection.KERNEL32(01429AA8,00000000), ref: 00A7098D
• TerminateThread.KERNEL32(?,000001F6), ref: 00A7099B
• WaitForSingleObject.KERNEL32(?,000003E8), ref: 00A709A9
• CloseHandle.KERNEL32(?), ref: 00A709B8
• InterlockedExchange.KERNEL32(01429AC8,000001F6), ref: 00A709C8
• LeaveCriticalSection.KERNEL32(01429AA8), ref: 00A709CF
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
• String ID:
• API String ID: 3495660284-0
APIs
• __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00A81DC0
• #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00A81DE1
• WSAGetLastError.WSOCK32 ref: 00A81DF2
• htons.WSOCK32(?,?,?,?,?), ref: 00A81EDB
• inet_ntoa.WSOCK32(?), ref: 00A81E8C
  • Part of subcall function 00A639E8: _strlen.LIBCMT ref: 00A639F2
  • Part of subcall function 00A83224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00A7EC0C), ref: 00A83240
• _strlen.LIBCMT ref: 00A81F35
Similarity
• API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
• String ID:
• API String ID: 3203458085-0
APIs
• GetClientRect.USER32(?,?), ref: 00A05D30
• GetWindowRect.USER32(?,?), ref: 00A05D71
• ScreenToClient.USER32(?,?), ref: 00A05D99
• GetClientRect.USER32(?,?), ref: 00A05ED7
• GetWindowRect.USER32(?,?), ref: 00A05EF8
Similarity
• API ID: Rect$Client$Window$Screen
• String ID:
• API String ID: 1296646539-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • __allrem.LIBCMT ref: 00A300BA
                                                                                                                                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A300D6
                                                                                                                                                                                                                                                                                                                                                                            • __allrem.LIBCMT ref: 00A300ED
                                                                                                                                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A3010B
                                                                                                                                                                                                                                                                                                                                                                            • __allrem.LIBCMT ref: 00A30122
                                                                                                                                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A30140
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1992179935-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00A282D9,00A282D9,?,?,?,00A3644F,00000001,00000001,8BE85006), ref: 00A36258
                                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00A3644F,00000001,00000001,8BE85006,?,?,?), ref: 00A362DE
                                                                                                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00A363D8
                                                                                                                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 00A363E5
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A33820: RtlAllocateHeap.NTDLL(00000000,?,00AD1444,?,00A1FDF5,?,?,00A0A976,00000010,00AD1440,00A013FC,?,00A013C6,?,00A01129), ref: 00A33852
                                                                                                                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 00A363EE
                                                                                                                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 00A36413
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1414292761-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A8C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A8B6AE,?,?), ref: 00A8C9B5
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A8C998: _wcslen.LIBCMT ref: 00A8C9F1
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A8C998: _wcslen.LIBCMT ref: 00A8CA68
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A8C998: _wcslen.LIBCMT ref: 00A8CA9E
                                                                                                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A8BCCA
                                                                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00A8BD25
                                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00A8BD6A
                                                                                                                                                                                                                                                                                                                                                                            • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00A8BD99
                                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00A8BDF3
                                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00A8BDFF
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1120388591-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(00000035), ref: 00A5F7B9
                                                                                                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(00000001), ref: 00A5F860
                                                                                                                                                                                                                                                                                                                                                                            • VariantCopy.OLEAUT32(00A5FA64,00000000), ref: 00A5F889
                                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(00A5FA64), ref: 00A5F8AD
                                                                                                                                                                                                                                                                                                                                                                            • VariantCopy.OLEAUT32(00A5FA64,00000000), ref: 00A5F8B1
                                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00A5F8BB
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3859894641-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A07620: _wcslen.LIBCMT ref: 00A07625
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A06B57: _wcslen.LIBCMT ref: 00A06B6A
                                                                                                                                                                                                                                                                                                                                                                            • GetOpenFileNameW.COMDLG32(00000058), ref: 00A794E5
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A79506
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A7952D
                                                                                                                                                                                                                                                                                                                                                                            • GetSaveFileNameW.COMDLG32(00000058), ref: 00A79585
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$FileName$OpenSave
                                                                                                                                                                                                                                                                                                                                                                            • String ID: X
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 83654149-3081909835
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A19BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A19BB2
                                                                                                                                                                                                                                                                                                                                                                            • BeginPaint.USER32(?,?,?), ref: 00A19241
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00A192A5
                                                                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00A192C2
                                                                                                                                                                                                                                                                                                                                                                            • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00A192D3
                                                                                                                                                                                                                                                                                                                                                                            • EndPaint.USER32(?,?,?,?,?), ref: 00A19321
                                                                                                                                                                                                                                                                                                                                                                            • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00A571EA
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A19339: BeginPath.GDI32(00000000), ref: 00A19357
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3050599898-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,000001F5), ref: 00A7080C
                                                                                                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00A70847
                                                                                                                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 00A70863
                                                                                                                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 00A708DC
                                                                                                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00A708F3
                                                                                                                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,000001F6), ref: 00A70921
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3368777196-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00A5F3AB,00000000,?,?,00000000,?,00A5682C,00000004,00000000,00000000), ref: 00A9824C
                                                                                                                                                                                                                                                                                                                                                                            • EnableWindow.USER32(?,00000000), ref: 00A98272
                                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,00000000), ref: 00A982D1
                                                                                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?,00000004), ref: 00A982E5
                                                                                                                                                                                                                                                                                                                                                                            • EnableWindow.USER32(?,00000001), ref: 00A9830B
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00A9832F
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 642888154-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • IsWindowVisible.USER32(?), ref: 00A64C95
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00A64CB2
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00A64CEA
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A64D08
                                                                                                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00A64D10
                                                                                                                                                                                                                                                                                                                                                                            • _wcsstr.LIBVCRUNTIME ref: 00A64D1A
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 72514467-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A03AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A03A97,?,?,00A02E7F,?,?,?,00000000), ref: 00A03AC2
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A7587B
                                                                                                                                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 00A75995
                                                                                                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(00A9FCF8,00000000,00000001,00A9FB68,?), ref: 00A759AE
                                                                                                                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 00A759CC
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A60FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00A60FCA
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A60FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00A60FD6
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A60FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00A60FE5
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A60FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00A60FEC
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A60FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00A61002
                                                                                                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?,00000000,00A61335), ref: 00A617AE
                                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00A617BA
                                                                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00A617C1
                                                                                                                                                                                                                                                                                                                                                                            • CopySid.ADVAPI32(00000000,00000000,?), ref: 00A617DA
                                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,00A61335), ref: 00A617EE
                                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00A617F5
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3008561057-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00A614FF
                                                                                                                                                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 00A61506
                                                                                                                                                                                                                                                                                                                                                                            • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00A61515
                                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000004), ref: 00A61520
                                                                                                                                                                                                                                                                                                                                                                            • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00A6154F
                                                                                                                                                                                                                                                                                                                                                                            • DestroyEnvironmentBlock.USERENV(00000000), ref: 00A61563
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1413079979-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00A23379,00A22FE5), ref: 00A23390
                                                                                                                                                                                                                                                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00A2339E
                                                                                                                                                                                                                                                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00A233B7
                                                                                                                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,00A23379,00A22FE5), ref: 00A23409
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00A35686,00A43CD6,?,00000000,?,00A35B6A,?,?,?,?,?,00A2E6D1,?,00AC8A48), ref: 00A32D78
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A32DAB
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A32DD3
                                                                                                                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,?,?,?,00A2E6D1,?,00AC8A48,00000010,00A04F4A,?,?,00000000,00A43CD6), ref: 00A32DE0
                                                                                                                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,?,?,?,00A2E6D1,?,00AC8A48,00000010,00A04F4A,?,?,00000000,00A43CD6), ref: 00A32DEC
                                                                                                                                                                                                                                                                                                                                                                            • _abort.LIBCMT ref: 00A32DF2
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A19639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A19693
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A19639: SelectObject.GDI32(?,00000000), ref: 00A196A2
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A19639: BeginPath.GDI32(?), ref: 00A196B9
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A19639: SelectObject.GDI32(?,00000000), ref: 00A196E2
                                                                                                                                                                                                                                                                                                                                                                            • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00A98A4E
                                                                                                                                                                                                                                                                                                                                                                            • LineTo.GDI32(?,00000003,00000000), ref: 00A98A62
                                                                                                                                                                                                                                                                                                                                                                            • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00A98A70
                                                                                                                                                                                                                                                                                                                                                                            • LineTo.GDI32(?,00000000,00000003), ref: 00A98A80
                                                                                                                                                                                                                                                                                                                                                                            • EndPath.GDI32(?), ref: 00A98A90
                                                                                                                                                                                                                                                                                                                                                                            • StrokePath.GDI32(?), ref: 00A98AA0
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 43455801-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: fc1181c4db4e405b9d50b7398f90cdc7a1dec7db8430a949b6444017ce84f394
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: f1f16c95e15adf28856db22ce8a093a06689e78649e42220e3583e3252f132d2
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fc1181c4db4e405b9d50b7398f90cdc7a1dec7db8430a949b6444017ce84f394
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FC11CC76140149FFDF11DFD4EC48E9A7F6DEB04364F048012FA1996161CB719D56DB60
APIs
• GetDC.USER32(00000000), ref: 00A65218
• GetDeviceCaps.GDI32(00000000,00000058), ref: 00A65229
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00A65230
• ReleaseDC.USER32(00000000,00000000), ref: 00A65238
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 00A6524F
• MulDiv.KERNEL32(000009EC,00000001,?), ref: 00A65261
APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00A01BF4
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00A01BFC
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00A01C07
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 00A01C12
• MapVirtualKeyW.USER32(00000011,00000000), ref: 00A01C1A
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00A01C22
APIs
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00A6EB30
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00A6EB46
• GetWindowThreadProcessId.USER32(?,?), ref: 00A6EB55
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00A6EB64
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00A6EB6E
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00A6EB75
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8CF05472340958BBE72197929C0EEEF7E7CEFCAB21F00415AF601D1091DBA45A02C6B5
APIs
• GetClientRect.USER32(?), ref: 00A57452
• SendMessageW.USER32(?,00001328,00000000,?), ref: 00A57469
• GetWindowDC.USER32(?), ref: 00A57475
• GetPixel.GDI32(00000000,?,?), ref: 00A57484
• ReleaseDC.USER32(?,00000000), ref: 00A57496
• GetSysColor.USER32(00000005), ref: 00A574B0
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
APIs
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 00A6187F
• UnloadUserProfile.USERENV(?,?), ref: 00A6188B
• CloseHandle.KERNEL32(?), ref: 00A61894
• CloseHandle.KERNEL32(?), ref: 00A6189C
• GetProcessHeap.KERNEL32(00000000,?), ref: 00A618A5
• HeapFree.KERNEL32(00000000), ref: 00A618AC
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
APIs
  • Part of subcall function 00A07620: _wcslen.LIBCMT ref: 00A07625
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00A6C6EE
• _wcslen.LIBCMT ref: 00A6C735
• SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00A6C79C
• SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00A6C7CA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • ShellExecuteExW.SHELL32(0000003C), ref: 00A8AEA3
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A07620: _wcslen.LIBCMT ref: 00A07625
                                                                                                                                                                                                                                                                                                                                                                            • GetProcessId.KERNEL32(00000000), ref: 00A8AF38
                                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00A8AF67
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID: <$@
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 146682121-1426351568
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00A67206
                                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00A6723C
                                                                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00A6724D
                                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00A672CF
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                                                                                                                                                                                            • String ID: DllGetClassObject
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 753597075-1075368562
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A63CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A63CCA
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00A61E66
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00A61E79
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000189,?,00000000), ref: 00A61EA9
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A06B57: _wcslen.LIBCMT ref: 00A06B6A
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$_wcslen$ClassName
                                                                                                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2081771294-1403004172
APIs
• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00A92F8D
• LoadLibraryW.KERNEL32(?), ref: 00A92F94
• SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00A92FA9
• DestroyWindow.USER32(?), ref: 00A92FB1
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: MessageSend$DestroyLibraryLoadWindow
• String ID: SysAnimate32
• API String ID: 3529120543-1011021900
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00A24D1E,00A328E9,?,00A24CBE,00A328E9,00AC88B8,0000000C,00A24E15,00A328E9,00000002), ref: 00A24D8D
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00A24DA0
• FreeLibrary.KERNEL32(00000000,?,?,?,00A24D1E,00A328E9,?,00A24CBE,00A328E9,00AC88B8,0000000C,00A24E15,00A328E9,00000002,00000000), ref: 00A24DC3
Strings
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A04EDD,?,00AD1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A04E9C
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00A04EAE
• FreeLibrary.KERNEL32(00000000,?,?,00A04EDD,?,00AD1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A04EC0
Strings
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64DisableWow64FsRedirection$kernel32.dll
• API String ID: 145871493-3689287502
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A43CDE,?,00AD1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A04E62
• GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00A04E74
• FreeLibrary.KERNEL32(00000000,?,?,00A43CDE,?,00AD1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A04E87
Strings
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                                            • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 145871493-1355242751
APIs
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00A72C05
• DeleteFileW.KERNEL32(?), ref: 00A72C87
• CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00A72C9D
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00A72CAE
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00A72CC0
Similarity
• API ID: File$Delete$Copy
• String ID:
• API String ID: 3226157194-0
APIs
• GetCurrentProcessId.KERNEL32 ref: 00A8A427
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00A8A435
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 00A8A468
• CloseHandle.KERNEL32(?), ref: 00A8A63D
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
• String ID:
• API String ID: 3488606520-0
APIs
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00AA3700), ref: 00A3BB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,00AD121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00A3BC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,00AD1270,000000FF,?,0000003F,00000000,?), ref: 00A3BC36
• _free.LIBCMT ref: 00A3BB7F
  • Part of subcall function 00A329C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00A3D7D1,00000000,00000000,00000000,00000000,?,00A3D7F8,00000000,00000007,00000000,?,00A3DBF5,00000000), ref: 00A329DE
  • Part of subcall function 00A329C8: GetLastError.KERNEL32(00000000,?,00A3D7D1,00000000,00000000,00000000,00000000,?,00A3D7F8,00000000,00000007,00000000,?,00A3DBF5,00000000,00000000), ref: 00A329F0
• _free.LIBCMT ref: 00A3BD4B
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1286116820-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A6DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00A6CF22,?), ref: 00A6DDFD
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A6DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00A6CF22,?), ref: 00A6DE16
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A6E199: GetFileAttributesW.KERNEL32(?,00A6CF95), ref: 00A6E19A
                                                                                                                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(?,?), ref: 00A6E473
                                                                                                                                                                                                                                                                                                                                                                            • MoveFileW.KERNEL32(?,?), ref: 00A6E4AC
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A6E5EB
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A6E603
                                                                                                                                                                                                                                                                                                                                                                            • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00A6E650
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3183298772-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A8C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A8B6AE,?,?), ref: 00A8C9B5
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A8C998: _wcslen.LIBCMT ref: 00A8C9F1
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A8C998: _wcslen.LIBCMT ref: 00A8CA68
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A8C998: _wcslen.LIBCMT ref: 00A8CA9E
                                                                                                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A8BAA5
                                                                                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00A8BB00
                                                                                                                                                                                                                                                                                                                                                                            • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00A8BB63
                                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?), ref: 00A8BBA6
                                                                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00A8BBB3
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 826366716-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00A68BCD
                                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32 ref: 00A68C3E
                                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32 ref: 00A68C9D
                                                                                                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00A68D10
                                                                                                                                                                                                                                                                                                                                                                            • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00A68D3B
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Variant$Clear$ChangeInitType
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4136290138-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 74e37abc527953135ed2e216847eb2dc16ced205b5cbbae4e97f0d449ca60151
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: cb85d848ac305a2708d25f898836cd42037ec7dab6ea5414ac712b2957518ead
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 74e37abc527953135ed2e216847eb2dc16ced205b5cbbae4e97f0d449ca60151
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 05517BB5A00619EFCB10CF68C884AAAB7F8FF89310B158559F915DB350EB34E911CFA0
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00A78BAE
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00A78BDA
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00A78C32
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00A78C57
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00A78C5F
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: PrivateProfile$SectionWrite$String
• String ID:
• API String ID: 2832842796-0
• Opcode ID: 94ba65a04f4effb281febda64b29f010b64a5079209f116c832fced12dca8c0f
• Instruction ID: df54a7b35975c5257fb5e0b6d2219913ed42608df30b7fd7297eed5cf2cb322e
• Opcode Fuzzy Hash: 94ba65a04f4effb281febda64b29f010b64a5079209f116c832fced12dca8c0f
• Instruction Fuzzy Hash: D5513A35A002199FCB01DF64C985AADBBF5BF48314F08C459E84AAB3A2CB35ED41CB90
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 00A88F40
• GetProcAddress.KERNEL32(00000000,?), ref: 00A88FD0
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00A88FEC
• GetProcAddress.KERNEL32(00000000,?), ref: 00A89032
• FreeLibrary.KERNEL32(00000000), ref: 00A89052
  • Part of subcall function 00A1F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00A71043,?,7529E610), ref: 00A1F6E6
  • Part of subcall function 00A1F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00A5FA64,00000000,00000000,?,?,00A71043,?,7529E610,?,00A5FA64), ref: 00A1F70D
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
• String ID:
• API String ID: 666041331-0
• Opcode ID: 11b36b1c1e63987998cc5ff679aaa4398478d2bec6ba6864c2443bdb5451cc60
• Instruction ID: 13503d135921f7dee3039b2cbde48057286721356ea64f81255de090f4e4c245
• Opcode Fuzzy Hash: 11b36b1c1e63987998cc5ff679aaa4398478d2bec6ba6864c2443bdb5451cc60
• Instruction Fuzzy Hash: D3514035605205DFC711EF54C5848AEBBF1FF49324B488099E91A9B362DB31ED86CF91
APIs
• SetWindowLongW.USER32(00000002,000000F0,?), ref: 00A96C33
• SetWindowLongW.USER32(?,000000EC,?), ref: 00A96C4A
• SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00A96C73
• ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00A7AB79,00000000,00000000), ref: 00A96C98
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00A96CC7
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: Window$Long$MessageSendShow
• String ID:
• API String ID: 3688381893-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: _free
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00A19141
                                                                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(00000000,?), ref: 00A1915E
                                                                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000001), ref: 00A19183
                                                                                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000002), ref: 00A1919D
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4210589936-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetInputState.USER32 ref: 00A738CB
                                                                                                                                                                                                                                                                                                                                                                            • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00A73922
                                                                                                                                                                                                                                                                                                                                                                            • TranslateMessage.USER32(?), ref: 00A7394B
                                                                                                                                                                                                                                                                                                                                                                            • DispatchMessageW.USER32(?), ref: 00A73955
                                                                                                                                                                                                                                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A73966
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2256411358-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00A7C21E,00000000), ref: 00A7CF38
                                                                                                                                                                                                                                                                                                                                                                            • InternetReadFile.WININET(?,00000000,?,?), ref: 00A7CF6F
                                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,?,?,?,00A7C21E,00000000), ref: 00A7CFB4
                                                                                                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,00A7C21E,00000000), ref: 00A7CFC8
                                                                                                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,00A7C21E,00000000), ref: 00A7CFF2
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3191363074-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00A61915
                                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000001,00000201,00000001), ref: 00A619C1
                                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,?,?), ref: 00A619C9
                                                                                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000001,00000202,00000000), ref: 00A619DA
                                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,?,?,?), ref: 00A619E2
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3382505437-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00A95745
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001074,?,00000001), ref: 00A9579D
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A957AF
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A957BA
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 00A95816
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$_wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 763830540-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • IsWindow.USER32(00000000), ref: 00A80951
                                                                                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32 ref: 00A80968
                                                                                                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 00A809A4
                                                                                                                                                                                                                                                                                                                                                                            • GetPixel.GDI32(00000000,?,00000003), ref: 00A809B0
                                                                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000003), ref: 00A809E8
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4156661090-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetEnvironmentStringsW.KERNEL32 ref: 00A3CDC6
                                                                                                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A3CDE9
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A33820: RtlAllocateHeap.NTDLL(00000000,?,00AD1444,?,00A1FDF5,?,?,00A0A976,00000010,00AD1440,00A013FC,?,00A013C6,?,00A01129), ref: 00A33852
                                                                                                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00A3CE0F
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A3CE22
                                                                                                                                                                                                                                                                                                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00A3CE31
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 336800556-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A19693
                                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 00A196A2
                                                                                                                                                                                                                                                                                                                                                                            • BeginPath.GDI32(?), ref: 00A196B9
                                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 00A196E2
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000008), ref: 00A198CC
                                                                                                                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,?), ref: 00A198D6
                                                                                                                                                                                                                                                                                                                                                                            • SetBkMode.GDI32(?,00000001), ref: 00A198E9
                                                                                                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000005), ref: 00A198F1
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000EB), ref: 00A19952
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: Color$LongModeObjectStockTextWindow
• String ID:
• API String ID: 1860813098-0
• Opcode ID: 890eb222ffb7741905a9437c7fb39b37de4fe70bcabcd83605233395aeb57fe4
• Instruction ID: 2cf01ada42b638b18110af098a933ee82c89fba5cd25244bbde2929007e79930
• Opcode Fuzzy Hash: 890eb222ffb7741905a9437c7fb39b37de4fe70bcabcd83605233395aeb57fe4
• Instruction Fuzzy Hash: B9212731246250AFCB128F64EC64AEB3B70EF13771B18425EF9928E1B1CB314982CB51
APIs
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
• Opcode ID: bbf89b7803b0ca77f776078dd43f48cb7bf60019f4e54c7fbf6dc8c3a2a0ddb8
• Instruction ID: 1ecb057d2465bf82627e3c1dda88e109bf2535628c7c7e6063a767060c298ddc
• Opcode Fuzzy Hash: bbf89b7803b0ca77f776078dd43f48cb7bf60019f4e54c7fbf6dc8c3a2a0ddb8
• Instruction Fuzzy Hash: 88015271B41619BE96089625AF82EBA63ADAB613A4F004831FD04AE641F661ED2082A5
APIs
• GetLastError.KERNEL32(?,?,?,00A2F2DE,00A33863,00AD1444,?,00A1FDF5,?,?,00A0A976,00000010,00AD1440,00A013FC,?,00A013C6), ref: 00A32DFD
• _free.LIBCMT ref: 00A32E32
• _free.LIBCMT ref: 00A32E59
• SetLastError.KERNEL32(00000000,00A01129), ref: 00A32E66
• SetLastError.KERNEL32(00000000,00A01129), ref: 00A32E6F
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
• Opcode ID: 8bb39c4a74987f698f5e783a5ca2d2a86b9fc3a475f77c0e3ad59d901037f584
• Instruction ID: 02732ed2f91cf8ed0c859eac605fe74d289a8f1124a06a4c54ecbbb08dae9366
• Opcode Fuzzy Hash: 8bb39c4a74987f698f5e783a5ca2d2a86b9fc3a475f77c0e3ad59d901037f584
• Instruction Fuzzy Hash: DA012832205A006BCA12A7B57D47F2B2E6DABD53B1F350129F425A32D2EF748C025320
APIs
• CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A5FF41,80070057,?,?,?,00A6035E), ref: 00A6002B
• ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A5FF41,80070057,?,?), ref: 00A60046
• lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A5FF41,80070057,?,?), ref: 00A60054
• CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A5FF41,80070057,?), ref: 00A60064
• CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A5FF41,80070057,?,?), ref: 00A60070
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: From$Prog$FreeStringTasklstrcmpi
• String ID:
• API String ID: 3897988419-0
• Opcode ID: ade3bee65eba24dbd44846da5440b2bf64a49b7cbdae1b46138551cbcfb3d409
• Instruction ID: 101e40950ba63da1b79d5fbd3647a978cc2826e6341260cce97b4cc864b4cfe7
• Opcode Fuzzy Hash: ade3bee65eba24dbd44846da5440b2bf64a49b7cbdae1b46138551cbcfb3d409
• Instruction Fuzzy Hash: E9018B72600604BFDB118FA8DC08FAB7ABDEB447A2F158125F905D6210EBB1DD818BA0
APIs
• QueryPerformanceCounter.KERNEL32(?), ref: 00A6E997
• QueryPerformanceFrequency.KERNEL32(?), ref: 00A6E9A5
• Sleep.KERNEL32(00000000), ref: 00A6E9AD
• QueryPerformanceCounter.KERNEL32(?), ref: 00A6E9B7
                                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32 ref: 00A6E9F3
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00A61114
                                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,00A60B9B,?,?,?), ref: 00A61120
                                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00A60B9B,?,?,?), ref: 00A6112F
                                                                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00A60B9B,?,?,?), ref: 00A61136
                                                                                                                                                                                                                                                                                                                                                                            • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00A6114D
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 842720411-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00A60FCA
                                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00A60FD6
                                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00A60FE5
                                                                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00A60FEC
                                                                                                                                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00A61002
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00A6102A
                                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00A61036
                                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00A61045
                                                                                                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00A6104C
                                                                                                                                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00A61062
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,00A7017D,?,00A732FC,?,00000001,00A42592,?), ref: 00A70324
                                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,00A7017D,?,00A732FC,?,00000001,00A42592,?), ref: 00A70331
                                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,00A7017D,?,00A732FC,?,00000001,00A42592,?), ref: 00A7033E
                                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,00A7017D,?,00A732FC,?,00000001,00A42592,?), ref: 00A7034B
                                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,00A7017D,?,00A732FC,?,00000001,00A42592,?), ref: 00A70358
                                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,00A7017D,?,00A732FC,?,00000001,00A42592,?), ref: 00A70365
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A3D752
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A329C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00A3D7D1,00000000,00000000,00000000,00000000,?,00A3D7F8,00000000,00000007,00000000,?,00A3DBF5,00000000), ref: 00A329DE
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A329C8: GetLastError.KERNEL32(00000000,?,00A3D7D1,00000000,00000000,00000000,00000000,?,00A3D7F8,00000000,00000007,00000000,?,00A3DBF5,00000000,00000000), ref: 00A329F0
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A3D764
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A3D776
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A3D788
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A3D79A
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00A65C58
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(00000000,?,00000100), ref: 00A65C6F
                                                                                                                                                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 00A65C87
                                                                                                                                                                                                                                                                                                                                                                            • KillTimer.USER32(?,0000040A), ref: 00A65CA3
                                                                                                                                                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000001), ref: 00A65CBD
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3741023627-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 36935781bf09d89d30cffed909284bd8b1547c3121cd9102e9055c6f75770468
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: ad78c37a428a6b9068f2ca7eb53d9d7ab1e74e954ae45a28e89f573b2be2402f
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 36935781bf09d89d30cffed909284bd8b1547c3121cd9102e9055c6f75770468
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1B018B30A00B049FEB245B60DD8EF9577B8BB01705F00155AA643A10E1DFF099458B50
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A322BE
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A329C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00A3D7D1,00000000,00000000,00000000,00000000,?,00A3D7F8,00000000,00000007,00000000,?,00A3DBF5,00000000), ref: 00A329DE
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A329C8: GetLastError.KERNEL32(00000000,?,00A3D7D1,00000000,00000000,00000000,00000000,?,00A3D7F8,00000000,00000007,00000000,?,00A3DBF5,00000000,00000000), ref: 00A329F0
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A322D0
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A322E3
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A322F4
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A32305
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d3250012aabdab070aae5b9ab5debdeb7eee812627d2b8f310b72d8f4079918b
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: f02410b43b5178ff8e66c782a0d38d1d91e25e92d5cec12cda54850322e63ad0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d3250012aabdab070aae5b9ab5debdeb7eee812627d2b8f310b72d8f4079918b
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 07F0B7798021209BC612EFD8BD01F893B65F758761F16059BF416D62B1C7310953AFE4
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • EndPath.GDI32(?), ref: 00A195D4
                                                                                                                                                                                                                                                                                                                                                                            • StrokeAndFillPath.GDI32(?,?,00A571F7,00000000,?,?,?), ref: 00A195F0
                                                                                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 00A19603
                                                                                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32 ref: 00A19616
                                                                                                                                                                                                                                                                                                                                                                            • StrokePath.GDI32(?), ref: 00A19631
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2625713937-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: d7ffce62a8d8ccbaa6d61a554b0162bb9f2afc585d75de69b4fdda4713e5fe4b
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 2b3669a2b752de7f344ec0c9654288c248786406ab24ab36680bdc36f3c60a3a
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d7ffce62a8d8ccbaa6d61a554b0162bb9f2afc585d75de69b4fdda4713e5fe4b
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7DF0EC31106604EBDB16DFA9ED2C7A53B65AB01332F548216F476550F1CB308997DF34
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: __freea$_free
                                                                                                                                                                                                                                                                                                                                                                            • String ID: a/p$am/pm
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3432400110-3206640213
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 73840406fafde0dc17377e467b0cc9ce364f605d9ad369d8890b804b235c32fb
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: cd281fbb3994b15fc40aa4804f9ab34a19ce65af5879f631bf62fd11189109aa
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 73840406fafde0dc17377e467b0cc9ce364f605d9ad369d8890b804b235c32fb
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A8D11471900206DBDB689F68C895BFEB7B1FF06700F28426AF941AF651D3759D80CB91
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A20242: EnterCriticalSection.KERNEL32(00AD070C,00AD1884,?,?,00A1198B,00AD2518,?,?,?,00A012F9,00000000), ref: 00A2024D
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A20242: LeaveCriticalSection.KERNEL32(00AD070C,?,00A1198B,00AD2518,?,?,?,00A012F9,00000000), ref: 00A2028A
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A200A3: __onexit.LIBCMT ref: 00A200A9
                                                                                                                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 00A87BFB
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A201F8: EnterCriticalSection.KERNEL32(00AD070C,?,?,00A18747,00AD2514), ref: 00A20202
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A201F8: LeaveCriticalSection.KERNEL32(00AD070C,?,00A18747,00AD2514), ref: 00A20235
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID: 5$G$Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 535116098-3733170431
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 184fcb8a0bc87e31d9cbdd2b86e93a9039934df99b5ab835df6c75867cb5f836
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 2510798b9498510f7d3bf591157fa69323f27f341310f3f2a807cf1c4e80e0b8
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 184fcb8a0bc87e31d9cbdd2b86e93a9039934df99b5ab835df6c75867cb5f836
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2B915875A04209EFCB14EF98D991DADB7B2FF48304F248059F806AB292DB71EE45CB51
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A6B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00A621D0,?,?,00000034,00000800,?,00000034), ref: 00A6B42D
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00A62760
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A6B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00A621FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00A6B3F8
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A6B32A: GetWindowThreadProcessId.USER32(?,?), ref: 00A6B355
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A6B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00A62194,00000034,?,?,00001004,00000000,00000000), ref: 00A6B365
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A6B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00A62194,00000034,?,?,00001004,00000000,00000000), ref: 00A6B37B
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00A627CD
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00A6281A
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 415b2211b50bcfd51d57b13d73f229afced8b093e7a471f9821b567a52cff02e
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8a871380b80e17aff9cc5f2d6ea7e1cc2413c2487f95069e100bdf134c96d582
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 415b2211b50bcfd51d57b13d73f229afced8b093e7a471f9821b567a52cff02e
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AC41FB76A00218AFDB10DFA4CD46FEEBBB8AF09700F108055FA55B7181DB706E85DBA1
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00A31769
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A31834
                                                                                                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00A3183E
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                                                                                                                            • String ID: C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2506810119-517116171
APIs
• GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00A6C306
• DeleteMenu.USER32(?,00000007,00000000), ref: 00A6C34C
• DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00AD1990,014358B0), ref: 00A6C395
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0
• API String ID: 135850232-4108050209
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00A9CC08,00000000,?,?,?,?), ref: 00A944AA
• GetWindowLongW.USER32 ref: 00A944C7
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00A944D7
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
APIs
  • Part of subcall function 00A8335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00A83077,?,?), ref: 00A83378
• inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00A8307A
• _wcslen.LIBCMT ref: 00A8309B
• htons.WSOCK32(00000000,?,?,00000000), ref: 00A83106
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: ByteCharMultiWide_wcslenhtonsinet_addr
• String ID: 255.255.255.255
• API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00A94705
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00A94713
                                                                                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00A9471A
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                                                                                                                                                                                                            • String ID: msctls_updown32
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 4014797782-2298589950
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 176396367-2734436370
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00A93840
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00A93850
                                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00A93876
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$MoveWindow
                                                                                                                                                                                                                                                                                                                                                                            • String ID: Listbox
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3315199576-2633736733
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 00A74A08
                                                                                                                                                                                                                                                                                                                                                                            • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00A74A5C
                                                                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,?,?,00A9CC08), ref: 00A74AD0
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                                                                                                                                            • String ID: %lu
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2507767853-685833217
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 08a0922a6dbc3fd6b1495173065623087dd19d82ff46ecc6a444b9cfbb7a7b61
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0e1c3368cdd011cbe6bc4e85aaa4b943d4ac78d0fd99b0fc5fb5dc60358c1776
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 08a0922a6dbc3fd6b1495173065623087dd19d82ff46ecc6a444b9cfbb7a7b61
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CA315175A00109AFDB10DF54C985EAA7BF8EF08318F1480A9F909DB252DB71ED46CB61
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00A9424F
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00A94264
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00A94271
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                            • String ID: msctls_trackbar32
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3850602802-1010561917
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c0a7ec35a6625d3a2aa8a3945d4016a26ec4aa49ea7284357f69b44ef445ffe8
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 130f0d428032cd200bf0079079ddefeaee6e81916992833f79fa82cb686cdf3f
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c0a7ec35a6625d3a2aa8a3945d4016a26ec4aa49ea7284357f69b44ef445ffe8
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C611E332340208BEEF209F69CC06FEB3BECEF89B64F110524FA55E6090D671D8529B20
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A06B57: _wcslen.LIBCMT ref: 00A06B6A
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A62DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00A62DC5
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A62DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A62DD6
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A62DA7: GetCurrentThreadId.KERNEL32 ref: 00A62DDD
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A62DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00A62DE4
                                                                                                                                                                                                                                                                                                                                                                            • GetFocus.USER32 ref: 00A62F78
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A62DEE: GetParent.USER32(00000000), ref: 00A62DF9
                                                                                                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 00A62FC3
                                                                                                                                                                                                                                                                                                                                                                            • EnumChildWindows.USER32(?,00A6303B), ref: 00A62FEB
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID: %s%d
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1272988791-1110647743
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: addf90b2b4ec69954d5e5a0ab61fd31ef51b5ebfff6eba8800cfd01ce1ba8a53
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 1c92905ed93d921659e44adfa316d681e9fa1eeeab33e1723525e6311e2e87e3
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: addf90b2b4ec69954d5e5a0ab61fd31ef51b5ebfff6eba8800cfd01ce1ba8a53
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DA11A2B6700209ABDF14BF70DD85FED377AAF94314F048075F9099B192DE309A4A8B60
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00A958C1
                                                                                                                                                                                                                                                                                                                                                                            • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00A958EE
                                                                                                                                                                                                                                                                                                                                                                            • DrawMenuBar.USER32(?), ref: 00A958FD
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3227129158-4108050209
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Variant$ClearInitInitializeUninitialize
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1998397398-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00A9FC08,?), ref: 00A605F0
                                                                                                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00A9FC08,?), ref: 00A60608
                                                                                                                                                                                                                                                                                                                                                                            • CLSIDFromProgID.OLE32(?,?,00000000,00A9CC40,000000FF,?,00000000,00000800,00000000,?,00A9FC08,?), ref: 00A6062D
                                                                                                                                                                                                                                                                                                                                                                            • _memcmp.LIBVCRUNTIME ref: 00A6064E
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 314563124-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 00A8A6AC
                                                                                                                                                                                                                                                                                                                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 00A8A6BA
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD
                                                                                                                                                                                                                                                                                                                                                                            • Process32NextW.KERNEL32(00000000,?), ref: 00A8A79C
                                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00A8A7AB
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A1CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00A43303,?), ref: 00A1CE8A
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1991900642-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: _free
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00A962E2
                                                                                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00A96315
                                                                                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00A96382
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3880355969-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000002,00000011), ref: 00A81AFD
                                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00A81B0B
                                                                                                                                                                                                                                                                                                                                                                            • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00A81B8A
                                                                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00A81B94
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$socket
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1881357543-0
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00A75783
                                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000), ref: 00A757A9
                                                                                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00A757CE
                                                                                                                                                                                                                                                                                                                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00A757FA
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00A26D71,00000000,00000000,00A282D9,?,00A282D9,?,00000001,00A26D71,8BE85006,00000001,00A282D9,00A282D9), ref: 00A3D910
                                                                                                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00A3D999
                                                                                                                                                                                                                                                                                                                                                                            • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00A3D9AB
                                                                                                                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 00A3D9B4
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A33820: RtlAllocateHeap.NTDLL(00000000,?,00AD1444,?,00A1FDF5,?,?,00A0A976,00000010,00AD1440,00A013FC,?,00A013C6,?,00A01129), ref: 00A33852
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2652629310-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001024,00000000,?), ref: 00A95352
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00A95375
                                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00A95382
                                                                                                                                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00A953A8
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3340791633-0
APIs
• GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 00A6ABF1
• SetKeyboardState.USER32(00000080,?,00008000), ref: 00A6AC0D
• PostMessageW.USER32(00000000,00000101,00000000), ref: 00A6AC74
• SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 00A6ACC6
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
APIs
• ClientToScreen.USER32(?,?), ref: 00A9769A
• GetWindowRect.USER32(?,?), ref: 00A97710
• PtInRect.USER32(?,?,00A98B89), ref: 00A97720
• MessageBeep.USER32(00000000), ref: 00A9778C
Similarity
• API ID: Rect$BeepClientMessageScreenWindow
• String ID:
• API String ID: 1352109105-0
APIs
• GetForegroundWindow.USER32 ref: 00A916EB
  • Part of subcall function 00A63A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A63A57
  • Part of subcall function 00A63A3D: GetCurrentThreadId.KERNEL32 ref: 00A63A5E
  • Part of subcall function 00A63A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00A625B3), ref: 00A63A65
• GetCaretPos.USER32(?), ref: 00A916FF
• ClientToScreen.USER32(00000000,?), ref: 00A9174C
• GetForegroundWindow.USER32 ref: 00A91752
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2759813231-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b17ffcd40d5e0f34b1e1b46c16120c911f1217cd1907326e03bc2c10b1a5c514
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: b532e3ae10db4b79e6ac1f5954bf4356c2da10468d60f0e269928786ce069e15
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b17ffcd40d5e0f34b1e1b46c16120c911f1217cd1907326e03bc2c10b1a5c514
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6B315275E00249AFDB00EFA9D981CAEB7F9EF48314B5080AAE415E7251DB319E45CFA1
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A19BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A19BB2
                                                                                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00A99001
                                                                                                                                                                                                                                                                                                                                                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00A57711,?,?,?,?,?), ref: 00A99016
                                                                                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00A9905E
                                                                                                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00A57711,?,?,?), ref: 00A99094
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2864067406-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3de18ef9cbff504741503718347bc13af9c2cc1c2b2e97478dd4bf2b97d0e417
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 20aea0447ba11c8277fcae55f73d83dfb352a3388cc37959c0522ef772f00b79
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3de18ef9cbff504741503718347bc13af9c2cc1c2b2e97478dd4bf2b97d0e417
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E217C35700018BFCF25CF99C898EEB7BF9EB49360F04405AF9154B261C73299A1DB61
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?,00A9CB68), ref: 00A6D2FB
                                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00A6D30A
                                                                                                                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 00A6D319
                                                                                                                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00A9CB68), ref: 00A6D376
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2267087916-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 70d962cad9fcce28acbf39d4243ac63aaa93670cfde9f9e3dd47170efa041a19
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3c355c4f701615430c84a7ab6e0c834d24d924b7e4d9b138181ce6e82f1f2a6b
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 70d962cad9fcce28acbf39d4243ac63aaa93670cfde9f9e3dd47170efa041a19
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9C219170A042019FC710EF64D9818AB77F4AE553A4F504A1DF499DB3E1EB30D946CB93
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A61014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00A6102A
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A61014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00A61036
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A61014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00A61045
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A61014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00A6104C
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A61014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00A61062
                                                                                                                                                                                                                                                                                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00A615BE
                                                                                                                                                                                                                                                                                                                                                                            • _memcmp.LIBVCRUNTIME ref: 00A615E1
                                                                                                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A61617
                                                                                                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00A6161E
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1592001646-0
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 84b9c478402aaa14b5953865d4dfccd14cff27071ffff2a000302e39f034bb9d
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 5b063b117d0ba403d629cc94f3d33bc172f8243844f2574b57cea977cdefa101
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 84b9c478402aaa14b5953865d4dfccd14cff27071ffff2a000302e39f034bb9d
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7F217C75E00109EFDF10DFA8C945BEEBBB8EF44354F194459E441AB241EB70AA05CBA0
APIs
• GetWindowLongW.USER32(?,000000EC), ref: 00A9280A
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00A92824
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00A92832
• SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00A92840
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: Window$Long$AttributesLayered
• String ID:
• API String ID: 2169480361-0
• Opcode ID: 225e7e0d709b5f5a52ef4be5b39046ab1e296b738a08a15304ee7f3914540e97
• Instruction ID: a61e797f736fbd29800a2e60e8ec58d47e1f029baae5308bc3fc4a15cdf40138
• Opcode Fuzzy Hash: 225e7e0d709b5f5a52ef4be5b39046ab1e296b738a08a15304ee7f3914540e97
• Instruction Fuzzy Hash: A021BD31304511BFDB14DB24CC44FAA7BA5AF85324F148259F42A8B6E2CB71FC82CBA0
APIs
  • Part of subcall function 00A68D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00A6790A,?,000000FF,?,00A68754,00000000,?,0000001C,?,?), ref: 00A68D8C
  • Part of subcall function 00A68D7D: lstrcpyW.KERNEL32(00000000,?,?,00A6790A,?,000000FF,?,00A68754,00000000,?,0000001C,?,?,00000000), ref: 00A68DB2
  • Part of subcall function 00A68D7D: lstrcmpiW.KERNEL32(00000000,?,00A6790A,?,000000FF,?,00A68754,00000000,?,0000001C,?,?), ref: 00A68DE3
• lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00A68754,00000000,?,0000001C,?,?,00000000), ref: 00A67923
• lstrcpyW.KERNEL32(00000000,?,?,00A68754,00000000,?,0000001C,?,?,00000000), ref: 00A67949
• lstrcmpiW.KERNEL32(00000002,cdecl,?,00A68754,00000000,?,0000001C,?,?,00000000), ref: 00A67984
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: lstrcmpilstrcpylstrlen
• String ID: cdecl
• API String ID: 4031866154-3896280584
• Opcode ID: 5f15553018a5134d116e43e5b6ae2ab77aabcede02d227199fb7e4c3fc69c9ee
• Instruction ID: ded635a6ca30a101a1a784ee240d98b6f22fe1eb600ef95c8d88e2a21a65e8ac
• Opcode Fuzzy Hash: 5f15553018a5134d116e43e5b6ae2ab77aabcede02d227199fb7e4c3fc69c9ee
• Instruction Fuzzy Hash: 5711003A200242AFCB159F38C844E7A77F9FF85394B50802AF806CB2A4EF319801C7A1
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00A97D0B
                                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00A97D2A
                                                                                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00A97D42
                                                                                                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00A7B7AD,00000000), ref: 00A97D6B
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A19BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A19BB2
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$Long
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 847901565-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001060,?,00000004), ref: 00A956BB
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A956CD
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A956D8
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 00A95816
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 455545452-0
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 00A61A47
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00A61A59
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00A61A6F
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00A61A8A
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00A6E1FD
                                                                                                                                                                                                                                                                                                                                                                            • MessageBoxW.USER32(?,?,?,?), ref: 00A6E230
                                                                                                                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00A6E246
                                                                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00A6E24D
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2880819207-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,?,00A2CFF9,00000000,00000004,00000000), ref: 00A2D218
                                                                                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00A2D224
                                                                                                                                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00A2D22B
                                                                                                                                                                                                                                                                                                                                                                            • ResumeThread.KERNEL32(00000000), ref: 00A2D249
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 173952441-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A0604C
                                                                                                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 00A06060
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 00A0606A
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3970641297-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • ___BuildCatchObject.LIBVCRUNTIME ref: 00A23B56
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A23AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00A23AD2
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A23AA3: ___AdjustPointer.LIBCMT ref: 00A23AED
                                                                                                                                                                                                                                                                                                                                                                            • _UnwindNestedFrames.LIBCMT ref: 00A23B6B
                                                                                                                                                                                                                                                                                                                                                                            • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00A23B7C
                                                                                                                                                                                                                                                                                                                                                                            • CallCatchBlock.LIBVCRUNTIME ref: 00A23BA4
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 737400349-0
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00A013C6,00000000,00000000,?,00A3301A,00A013C6,00000000,00000000,00000000,?,00A3328B,00000006,FlsSetValue), ref: 00A330A5
• GetLastError.KERNEL32(?,00A3301A,00A013C6,00000000,00000000,00000000,?,00A3328B,00000006,FlsSetValue,00AA2290,FlsSetValue,00000000,00000364,?,00A32E46), ref: 00A330B1
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00A3301A,00A013C6,00000000,00000000,00000000,?,00A3328B,00000006,FlsSetValue,00AA2290,FlsSetValue,00000000), ref: 00A330BF
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID:
• API String ID: 3177248105-0
APIs
• GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00A6747F
• LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00A67497
• RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00A674AC
• RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00A674CA
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: Type$Register$FileLoadModuleNameUser
• String ID:
• API String ID: 1352324309-0
APIs
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00A6ACD3,?,00008000), ref: 00A6B0C4
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00A6ACD3,?,00008000), ref: 00A6B0E9
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00A6ACD3,?,00008000), ref: 00A6B0F3
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00A6ACD3,?,00008000), ref: 00A6B126
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: CounterPerformanceQuerySleep
• String ID:
• API String ID: 2875609808-0
APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00A62DC5
• GetWindowThreadProcessId.USER32(?,00000000), ref: 00A62DD6
• GetCurrentThreadId.KERNEL32 ref: 00A62DDD
• AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00A62DE4
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2710830443-0
APIs
  • Part of subcall function 00A19639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A19693
  • Part of subcall function 00A19639: SelectObject.GDI32(?,00000000), ref: 00A196A2
  • Part of subcall function 00A19639: BeginPath.GDI32(?), ref: 00A196B9
  • Part of subcall function 00A19639: SelectObject.GDI32(?,00000000), ref: 00A196E2
• MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00A98887
• LineTo.GDI32(?,?,?), ref: 00A98894
• EndPath.GDI32(?), ref: 00A988A4
• StrokePath.GDI32(?), ref: 00A988B2
Similarity
• API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
• String ID:
• API String ID: 1539411459-0
APIs
• GetSysColor.USER32(00000008), ref: 00A198CC
• SetTextColor.GDI32(?,?), ref: 00A198D6
• SetBkMode.GDI32(?,00000001), ref: 00A198E9
• GetStockObject.GDI32(00000005), ref: 00A198F1
Similarity
• API ID: Color$ModeObjectStockText
• String ID:
• API String ID: 4037423528-0
APIs
• GetCurrentThread.KERNEL32 ref: 00A61634
• OpenThreadToken.ADVAPI32(00000000,?,?,?,00A611D9), ref: 00A6163B
• GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00A611D9), ref: 00A61648
• OpenProcessToken.ADVAPI32(00000000,?,?,?,00A611D9), ref: 00A6164F
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: CurrentOpenProcessThreadToken
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3974789173-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00A5D858
                                                                                                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 00A5D862
                                                                                                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00A5D882
                                                                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?), ref: 00A5D8A3
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00A5D86C
                                                                                                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 00A5D876
                                                                                                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00A5D882
                                                                                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?), ref: 00A5D8A3
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A07620: _wcslen.LIBCMT ref: 00A07625
                                                                                                                                                                                                                                                                                                                                                                            • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00A74ED4
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Connection_wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID: *$LPT
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1725874428-3443410124
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • __startOneArgErrorHandling.LIBCMT ref: 00A2E30D
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                                                                                                                            • String ID: pow
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 07cf807acd2faf2c17c1ace3afd170985e647aabca7694275ee0280ff1be65bc
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: d33295125624fcdd27119aa13e877883a3bc95a1f52810c47212f7505e96e20c
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 07cf807acd2faf2c17c1ace3afd170985e647aabca7694275ee0280ff1be65bc
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F5513DB1A0C20296CB35F71CEA417BD3BA4AF40781F344978F496462E9DB358CD59B86
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                                                                            • String ID: #
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 0-1885708031
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a31a85eff4211af3702de4ddda38b05690f02a0e2e148598474519ee15445653
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: e3092182d3e78e4c313c10ce93ed8f647562bd9f3e8b5f4b482622bb681db9dd
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a31a85eff4211af3702de4ddda38b05690f02a0e2e148598474519ee15445653
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C8513271A00256DFDF19DF68D091AFA7BA9FF29311F244059FC919B2C0D6309E86CBA0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000), ref: 00A1F2A2
                                                                                                                                                                                                                                                                                                                                                                            • GlobalMemoryStatusEx.KERNEL32(?), ref: 00A1F2BB
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: f29423f939949d273c7f298400a7bafc329ec4bee7e7a2d80d12c3c92546a9b6
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 26807b64d2219ab06e36f5f3728af13ad3466ce93afc334501c5622e396cdca6
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f29423f939949d273c7f298400a7bafc329ec4bee7e7a2d80d12c3c92546a9b6
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EC5155718087499BD320EF50E986BAFBBF8FB84310F81894DF199411A5EB309529CB67
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00A857E0
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A857EC
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 157775604-1150593374
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: a85180eb617ade114b7c4cc6da573253d6ba30667a85518b92ac08a1b5cb3e36
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0b33954887aeb35f64a227650a85cbdffd8dfd0cc1dde1f77adff6bba2103099
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a85180eb617ade114b7c4cc6da573253d6ba30667a85518b92ac08a1b5cb3e36
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 29419171E006099FCB14EFB9C9819EEBBF5FF59324F10406AE905A7291EB709D81DB90
APIs
• _wcslen.LIBCMT ref: 00A7D130
• InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00A7D13A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: CrackInternet_wcslen
• String ID: |
• API String ID: 596671847-2343686810
• Opcode ID: 210e42364f57ffc6f1fbbf6141389d8b5e810312160121f54f3eb640bdf2ca6b
• Instruction ID: 12dc46bab57ad61784c3c6d67ee5dcc54c3c0784e829cbe282ae3cd1283c433c
• Opcode Fuzzy Hash: 210e42364f57ffc6f1fbbf6141389d8b5e810312160121f54f3eb640bdf2ca6b
• Instruction Fuzzy Hash: 41313E71D00219ABCF15EFA4DD85AEE7FB9FF04304F404119F819A61A2E731AA56CB60
APIs
• DestroyWindow.USER32(?,?,?,?), ref: 00A93621
• MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00A9365C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: Window$DestroyMove
• String ID: static
• API String ID: 2139405536-2160076837
• Opcode ID: cf0f7d31f64eaf9a42c6c2c0f3abe98ceb95d29e8ae244dc4d384e48f92fd138
• Instruction ID: 96e33243aec671736260ef21c1838102a60d82f92288871578335fcb330dfe75
• Opcode Fuzzy Hash: cf0f7d31f64eaf9a42c6c2c0f3abe98ceb95d29e8ae244dc4d384e48f92fd138
• Instruction Fuzzy Hash: 65317872200604AEDF10DF68D880ABB73F9FF88724F10961AF9A5D7280DA31A991D760
APIs
• SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00A9461F
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00A94634
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: MessageSend
• String ID: '
• API String ID: 3850602802-1997036262
• Opcode ID: fd9c074450b10d11fba2c59e99b83a2890921231802a22793039397e4f12c24b
• Instruction ID: 269388906a6dedbcd9c95cc0bfd3702ffafd4eb116cca13f3626ba5f826cfa6a
• Opcode Fuzzy Hash: fd9c074450b10d11fba2c59e99b83a2890921231802a22793039397e4f12c24b
• Instruction Fuzzy Hash: 933117B4B012099FDF14CFA9C990BDA7BF5FB09300F11416AE905AB341E770A942CF90
APIs
• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00A9327C
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00A93287
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                            • String ID: Combobox
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 3850602802-2096851135
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: c6e68b2a2555fd126bb945860717103d74d6b46e9c9c519b30106dfc6bab8ad3
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 11c632a20383bf9c9d4b01bb3de57714fb1e4906af9c0af2b131c3ad2aae1aee
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c6e68b2a2555fd126bb945860717103d74d6b46e9c9c519b30106dfc6bab8ad3
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6E11B2723002087FFF25DF94DC84EFB37AAEBA4364F104529FA1997290D6759D518760
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A0600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A0604C
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A0600E: GetStockObject.GDI32(00000011), ref: 00A06060
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A0600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00A0606A
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00A9377A
                                                                                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000012), ref: 00A93794
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                                                                                                                                            • String ID: static
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 78dfec82e00f8f1153ee8554d507b9d059f6704e19639f3e10b5a103d5597bda
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 84fd2f1f3e58e4b4d46d79d237f8f9e89d4af875594c2dc666693165b21bf15a
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 78dfec82e00f8f1153ee8554d507b9d059f6704e19639f3e10b5a103d5597bda
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1C1126B2610209AFDF00DFA8CD46AEA7BF8FB08314F004915F956E2250EB35E8619B60
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00A7CD7D
                                                                                                                                                                                                                                                                                                                                                                            • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00A7CDA6
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Internet$OpenOption
                                                                                                                                                                                                                                                                                                                                                                            • String ID: <local>
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 942729171-4266983199
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 7aa1dab7c6af8b39940f21187559a9cd9a29af724f5b9a9c0daa4bc3cd8a465e
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 71b0468a880698e8d54a4d3d45984c1a02041f194db0d2a94abb5086abc31c92
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7aa1dab7c6af8b39940f21187559a9cd9a29af724f5b9a9c0daa4bc3cd8a465e
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3811A071205631BAD7384BA68C49EE7BEACEB127B4F00C22EB10D82181D6649941D6F0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • GetWindowTextLengthW.USER32(00000000), ref: 00A934AB
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00A934BA
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: LengthMessageSendTextWindow
                                                                                                                                                                                                                                                                                                                                                                            • String ID: edit
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2978978980-2167791130
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD
                                                                                                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?,?), ref: 00A66CB6
                                                                                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00A66CC2
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                            • String ID: STOP
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 1256254125-2411985666
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A63CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A63CCA
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00A61D4C
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A63CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A63CCA
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000180,00000000,?), ref: 00A61C46
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A63CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A63CCA
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000182,?,00000000), ref: 00A61CC8
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: b9af66f8b79b8936aa32efa03d4b5fb65b993f5a429a042932c012f9bfb0b9d7
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 8479dc9130bec1a25188bfed30bfdd4c03b488b0160afea70ab57714eb6d1e6c
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b9af66f8b79b8936aa32efa03d4b5fb65b993f5a429a042932c012f9bfb0b9d7
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5001A7B1A4011866DB04E7A0DB01EFF7BB89B11340F140415B801732C2EA209F19D671
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD
                                                                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00A63CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A63CCA
                                                                                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00A61DD3
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: eb45d6d24d7f5784d4f75fe895e73ece3ff2c144db775e0ba0f7d42ab0f5f1f8
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 18ce55277a2d09eae34cea6aa43c87883eda6bebbd93d858ba585232b96d280a
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eb45d6d24d7f5784d4f75fe895e73ece3ff2c144db775e0ba0f7d42ab0f5f1f8
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 89F0A471F41218AADB04E7A4DE52FFF7BB8AB01350F080D19B922632C2EA60690D8261
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                                            • String ID: 3, 3, 16, 1
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 176396367-3042988571
                                                                                                                                                                                                                                                                                                                                                                            • Opcode ID: 70370a97feae3e58f5f5a4493f2a5b81c52e819972f3e6f01f6475343c416291
                                                                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9de4e2a349c86fd234508ce4d8daffe07d0b342fe07db665cc48fa9670e3e31d
                                                                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 70370a97feae3e58f5f5a4493f2a5b81c52e819972f3e6f01f6475343c416291
                                                                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 01E02B02204230209331337DADC1A7F5689DFC9750734183BF995C2266EAD4CDD193A0
                                                                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                                                                            • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00A60B23
                                                                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_a00000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                                                                            • API ID: Message
                                                                                                                                                                                                                                                                                                                                                                            • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                                                                                                                                            • API String ID: 2030045667-4017498283
APIs
  • Part of subcall function 00A1F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00A20D71,?,?,?,00A0100A), ref: 00A1F7CE
• IsDebuggerPresent.KERNEL32(?,?,?,00A0100A), ref: 00A20D75
• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00A0100A), ref: 00A20D84
Strings
• ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00A20D7F
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
• String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
• API String ID: 55579361-631824599
APIs
• GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00A7302F
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00A73044
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
• API String ID: 3285503233-3010740371
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00A9232C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00A9233F
  • Part of subcall function 00A6E97B: Sleep.KERNEL32 ref: 00A6E9F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00A9236C
• PostMessageW.USER32(00000000), ref: 00A92373
  • Part of subcall function 00A6E97B: Sleep.KERNEL32 ref: 00A6E9F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
APIs
• MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00A3BE93
• GetLastError.KERNEL32 ref: 00A3BEA1
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00A3BEFC
Memory Dump Source
• Source File: 00000000.00000002.2226104040.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000000.00000002.2226057028.0000000000A00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226294747.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226471803.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2226549313.0000000000AD4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a00000_file.jbxd
Similarity
• API ID: ByteCharMultiWide$ErrorLast
• String ID:
• API String ID: 1717984340-0